As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
# CloudFront exemplos usando o SDK for Java 2.x
Os exemplos de código a seguir mostram como realizar ações e implementar cenários comuns usando o AWS SDK for Java 2.x with CloudFront.
*Ações* são trechos de código de programas maiores e devem ser executadas em contexto. Embora as ações mostrem como chamar perfis de serviço individuais, você pode ver as ações no contexto em seus cenários relacionados.
*Cenários* são exemplos de código que mostram como realizar tarefas específicas chamando várias funções dentro de um serviço ou combinadas com outros Serviços da AWS.
Cada exemplo inclui um link para o código-fonte completo, em que você pode encontrar instruções sobre como configurar e executar o código.
**Topics**
+ [Ações](#actions)
+ [Cenários](#scenarios)
## Ações
### `CreateDistribution`
O código de exemplo a seguir mostra como usar `CreateDistribution`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
O exemplo a seguir usa um bucket do Amazon Simple Storage Service (Amazon S3) como origem de conteúdo.
Depois de criar a distribuição, o código cria um [CloudFrontWaiter](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/waiters/CloudFrontWaiter.html)para esperar até que a distribuição seja implantada antes de retornar a distribuição.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.ItemSelection;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateDistribution {
private static final Logger logger = LoggerFactory.getLogger(CreateDistribution.class);
public static Distribution createDistribution(CloudFrontClient cloudFrontClient, S3Client s3Client,
final String bucketName, final String keyGroupId, final String originAccessControlId) {
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
// The service API requires some deprecated methods, such as
// DefaultCacheBehavior.Builder#minTTL and #forwardedValue.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))
.originAccessControlId(
originAccessControlId)))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.minTTL(200L)
.forwardedValues(b5 -> b5
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)
.cachedMethods(b5 -> b5
.quantity(2)
.items(Method.HEAD,
Method.GET))))
.cacheBehaviors(b -> b
.quantity(1)
.items(b2 -> b2
.pathPattern("/index.html")
.viewerProtocolPolicy(
ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.minTTL(200L)
.forwardedValues(b4 -> b4
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.allowedMethods(b5 -> b5.quantity(2)
.items(Method.HEAD,
Method.GET)
.cachedMethods(b6 -> b6
.quantity(2)
.items(Method.HEAD,
Method.GET)))))
.enabled(true)
.comment("Distribution built with java")
.callerReference(Instant.now().toString())));
final Distribution distribution = createDistResponse.distribution();
logger.info("Distribution created. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
logger.info("Waiting for distribution to be deployed ...");
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
logger.info("Distribution deployed. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
}
return distribution;
}
}
```
+ Para obter detalhes da API, consulte [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)a *Referência AWS SDK for Java 2.x da API*.
### `CreateFunction`
O código de exemplo a seguir mostra como usar `CreateFunction`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
```
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionRequest;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionResponse;
import software.amazon.awssdk.services.cloudfront.model.FunctionConfig;
import software.amazon.awssdk.services.cloudfront.model.FunctionRuntime;
import java.io.InputStream;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateFunction {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
functionName - The name of the function to create.\s
filePath - The path to a file that contains the application logic for the function.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String functionName = args[0];
String filePath = args[1];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
String funArn = createNewFunction(cloudFrontClient, functionName, filePath);
System.out.println("The function ARN is " + funArn);
cloudFrontClient.close();
}
public static String createNewFunction(CloudFrontClient cloudFrontClient, String functionName, String filePath) {
try {
InputStream fileIs = CreateFunction.class.getClassLoader().getResourceAsStream(filePath);
SdkBytes functionCode = SdkBytes.fromInputStream(fileIs);
FunctionConfig config = FunctionConfig.builder()
.comment("Created by using the CloudFront Java API")
.runtime(FunctionRuntime.CLOUDFRONT_JS_1_0)
.build();
CreateFunctionRequest functionRequest = CreateFunctionRequest.builder()
.name(functionName)
.functionCode(functionCode)
.functionConfig(config)
.build();
CreateFunctionResponse response = cloudFrontClient.createFunction(functionRequest);
return response.functionSummary().functionMetadata().functionARN();
} catch (CloudFrontException e) {
System.err.println(e.getMessage());
System.exit(1);
}
return "";
}
}
```
+ Para obter detalhes da API, consulte [CreateFunction](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateFunction)a *Referência AWS SDK for Java 2.x da API*.
### `CreateKeyGroup`
O código de exemplo a seguir mostra como usar `CreateKeyGroup`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
Um grupo de chaves exige pelo menos uma chave pública usada para verificar a assinatura URLs ou os cookies.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import java.util.UUID;
public class CreateKeyGroup {
private static final Logger logger = LoggerFactory.getLogger(CreateKeyGroup.class);
public static String createKeyGroup(CloudFrontClient cloudFrontClient, String publicKeyId) {
String keyGroupId = cloudFrontClient.createKeyGroup(b -> b.keyGroupConfig(c -> c
.items(publicKeyId)
.name("JavaKeyGroup" + UUID.randomUUID())))
.keyGroup().id();
logger.info("KeyGroup created with ID: [{}]", keyGroupId);
return keyGroupId;
}
}
```
+ Para obter detalhes da API, consulte [CreateKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateKeyGroup)a *Referência AWS SDK for Java 2.x da API*.
### `CreatePublicKey`
O código de exemplo a seguir mostra como usar `CreatePublicKey`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
O exemplo de código a seguir lê uma chave pública e a carrega na Amazon CloudFront.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreatePublicKeyResponse;
import software.amazon.awssdk.utils.IoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.UUID;
public class CreatePublicKey {
private static final Logger logger = LoggerFactory.getLogger(CreatePublicKey.class);
public static String createPublicKey(CloudFrontClient cloudFrontClient, String publicKeyFileName) {
try (InputStream is = CreatePublicKey.class.getClassLoader().getResourceAsStream(publicKeyFileName)) {
String publicKeyString = IoUtils.toUtf8String(is);
CreatePublicKeyResponse createPublicKeyResponse = cloudFrontClient
.createPublicKey(b -> b.publicKeyConfig(c -> c
.name("JavaCreatedPublicKey" + UUID.randomUUID())
.encodedKey(publicKeyString)
.callerReference(UUID.randomUUID().toString())));
String createdPublicKeyId = createPublicKeyResponse.publicKey().id();
logger.info("Public key created with id: [{}]", createdPublicKeyId);
return createdPublicKeyId;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
```
+ Para obter detalhes da API, consulte [CreatePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreatePublicKey)a *Referência AWS SDK for Java 2.x da API*.
### `DeleteDistribution`
O código de exemplo a seguir mostra como usar `DeleteDistribution`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
O exemplo de código a seguir atualiza uma distribuição para *desativada*, usa um waiter que aguarda a implantação da alteração e, em seguida, exclui a distribuição.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
public class DeleteDistribution {
private static final Logger logger = LoggerFactory.getLogger(DeleteDistribution.class);
public static void deleteDistribution(final CloudFrontClient cloudFrontClient, final String distributionId) {
// First, disable the distribution by updating it.
GetDistributionResponse response = cloudFrontClient.getDistribution(b -> b
.id(distributionId));
String etag = response.eTag();
DistributionConfig distConfig = response.distribution().distributionConfig();
cloudFrontClient.updateDistribution(builder -> builder
.id(distributionId)
.distributionConfig(builder1 -> builder1
.cacheBehaviors(distConfig.cacheBehaviors())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.enabled(false)
.origins(distConfig.origins())
.comment(distConfig.comment())
.callerReference(distConfig.callerReference())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.priceClass(distConfig.priceClass())
.aliases(distConfig.aliases())
.logging(distConfig.logging())
.defaultRootObject(distConfig.defaultRootObject())
.customErrorResponses(distConfig.customErrorResponses())
.httpVersion(distConfig.httpVersion())
.isIPV6Enabled(distConfig.isIPV6Enabled())
.restrictions(distConfig.restrictions())
.viewerCertificate(distConfig.viewerCertificate())
.webACLId(distConfig.webACLId())
.originGroups(distConfig.originGroups()))
.ifMatch(etag));
logger.info("Distribution [{}] is DISABLED, waiting for deployment before deleting ...",
distributionId);
GetDistributionResponse distributionResponse;
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distributionId)).matched();
distributionResponse = responseOrException.response()
.orElseThrow(() -> new RuntimeException("Could not disable distribution"));
}
DeleteDistributionResponse deleteDistributionResponse = cloudFrontClient
.deleteDistribution(builder -> builder
.id(distributionId)
.ifMatch(distributionResponse.eTag()));
if (deleteDistributionResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Distribution [{}] DELETED", distributionId);
}
}
}
```
+ Para obter detalhes da API, consulte [DeleteDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteDistribution)a *Referência AWS SDK for Java 2.x da API*.
### `UpdateDistribution`
O código de exemplo a seguir mostra como usar `UpdateDistribution`.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ModifyDistribution {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
id - the id value of the distribution.\s
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String id = args[0];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
modDistribution(cloudFrontClient, id);
cloudFrontClient.close();
}
public static void modDistribution(CloudFrontClient cloudFrontClient, String idVal) {
try {
// Get the Distribution to modify.
GetDistributionRequest disRequest = GetDistributionRequest.builder()
.id(idVal)
.build();
GetDistributionResponse response = cloudFrontClient.getDistribution(disRequest);
Distribution disObject = response.distribution();
DistributionConfig config = disObject.distributionConfig();
// Create a new DistributionConfig object and add new values to comment and
// aliases
DistributionConfig config1 = DistributionConfig.builder()
.aliases(config.aliases()) // You can pass in new values here
.comment("New Comment")
.cacheBehaviors(config.cacheBehaviors())
.priceClass(config.priceClass())
.defaultCacheBehavior(config.defaultCacheBehavior())
.enabled(config.enabled())
.callerReference(config.callerReference())
.logging(config.logging())
.originGroups(config.originGroups())
.origins(config.origins())
.restrictions(config.restrictions())
.defaultRootObject(config.defaultRootObject())
.webACLId(config.webACLId())
.httpVersion(config.httpVersion())
.viewerCertificate(config.viewerCertificate())
.customErrorResponses(config.customErrorResponses())
.build();
UpdateDistributionRequest updateDistributionRequest = UpdateDistributionRequest.builder()
.distributionConfig(config1)
.id(disObject.id())
.ifMatch(response.eTag())
.build();
cloudFrontClient.updateDistribution(updateDistributionRequest);
} catch (CloudFrontException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obter detalhes da API, consulte [UpdateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/UpdateDistribution)a *Referência AWS SDK for Java 2.x da API*.
## Cenários
### Criar uma distribuição multilocatária e um locatário de distribuição
O exemplo a seguir mostra como criar uma distribuição multilocatária e um locatário de distribuição com várias configurações.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
O exemplo a seguir demonstra como criar uma distribuição multilocatária com parâmetros e certificado curinga.
```
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.ConnectionMode;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.HttpVersion;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateMultiTenantDistribution {
public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName,
final String certificateArn) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.viewerCertificate(certBuilder -> certBuilder
.acmCertificateArn(certificateArn)
.sslSupportMethod(SSLSupportMethod.SNI_ONLY))
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
}
```
O exemplo a seguir demonstra como criar um locatário de distribuição associado a esse modelo, incluindo a utilização do parâmetro que declaramos acima. Observe que não precisamos adicionar informações do certificado aqui porque nosso domínio já está coberto pelo modelo principal.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("no-cert-tenant")
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
Se o certificado do visualizador fosse omitido do modelo principal, você precisaria adicionar informações do certificado sobre os inquilinos associados a ele. O exemplo a seguir demonstra como fazer isso por meio de um certificado ACM arn que cobre o domínio necessário para o inquilino.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId,
String certificateArn) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.enabled(false)
.name("tenant-with-cert")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.customizations(b3 -> b3
.certificate(b4 -> b4
.arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
O exemplo a seguir demonstra como fazer isso com uma solicitação de certificado gerenciado CloudFront -hosted. Isso é ideal se você ainda não tiver tráfego para o seu domínio. Nesse caso, criamos um ConnectionGroup para gerar um RoutingEndpoint. Em seguida, usamos isso RoutingEndpoint para criar registros DNS que verificam a propriedade do domínio e apontam para CloudFront. CloudFront em seguida, fornecerá automaticamente um token para validar a propriedade do domínio e criar um certificado gerenciado.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) throws InterruptedException {
CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
.ipv6Enabled(true)
.name("cf-hosted-connection-group")
.enabled(true));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("cf-hosted domain validation record")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type(RRType.CNAME)
.ttl(300L)
.resourceRecords(b4 -> b4
.value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
// Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
Thread.sleep(60000);
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.connectionGroupId(createConnectionGroupResponse.connectionGroup().id())
.enabled(false)
.name("cf-hosted-tenant")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.CLOUDFRONT)
)
);
return createResponse.distributionTenant();
}
}
```
O exemplo a seguir demonstra como fazer isso com uma solicitação de certificado gerenciado auto-hospedado. Isso é ideal se você tiver tráfego para o seu domínio e não puder tolerar o tempo de inatividade durante uma migração. No final deste exemplo, o inquilino será criado em um estado aguardando a validação do domínio e a configuração do DNS. Siga as etapas [aqui] (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html\$1complete-domain-ownership) para concluir a configuração quando estiver pronto para migrar o tráfego.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
String distributionId,
String domain) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("self-hosted-tenant")
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.SELF_HOSTED)
.primaryDomainName(domain)
)
);
return createResponse.distributionTenant();
}
}
```
+ Para obter detalhes da API, consulte os tópicos a seguir na *Referência da API AWS SDK for Java 2.x *.
+ [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)
+ [CreateDistributionTenant](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistributionTenant)
### Excluir recursos de assinatura
O exemplo de código a seguir mostra como excluir recursos que são usados para obter acesso a conteúdo restrito em um bucket do Amazon Simple Storage Service (Amazon S3).
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse;
import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse;
public class DeleteSigningResources {
private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class);
public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient,
final String originAccessControlId) {
GetOriginAccessControlResponse getResponse = cloudFrontClient
.getOriginAccessControl(b -> b.id(originAccessControlId));
DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder
.id(originAccessControlId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId);
}
}
public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) {
GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId));
DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder
.id(keyGroupId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Key Group [{}]", keyGroupId);
}
}
public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) {
GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId));
DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder
.id(publicKeyId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Public Key [{}]", publicKeyId);
}
}
}
```
+ Para obter detalhes da API, consulte os tópicos a seguir na *Referência da API AWS SDK for Java 2.x *.
+ [DeleteKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteKeyGroup)
+ [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteOriginAccessControl)
+ [DeletePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeletePublicKey)
### Sinal URLs e cookies
O exemplo de código a seguir mostra como criar cookies assinados URLs e que permitem acesso a recursos restritos.
**SDK para Java 2.x**
Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples).
Use a [CannedSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CannedSignerRequest.html)classe para assinar URLs ou usar cookies com uma política *predefinida*.
```
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCannedPolicyRequest {
public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CannedSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expirationDate)
.build();
}
}
```
Use a [CustomSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CustomSignerRequest.html)classe para assinar URLs ou usar cookies com uma política *personalizada*. O `activeDate` e `ipRange` são métodos opcionais.
```
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCustomPolicyRequest {
public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS);
// URL will be accessible tomorrow using the signed URL.
Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CustomSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
// .resourceUrlPattern("https://*.example.com/*") // Optional.
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expireDate)
.activeDate(activeDate) // Optional.
// .ipRange("192.168.0.1/24") // Optional.
.build();
}
}
```
O exemplo a seguir demonstra o uso da [CloudFrontUtilities](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.html)classe para produzir cookies assinados e. URLs [Veja](https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/SigningUtilities.java) este exemplo de código em GitHub.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import software.amazon.awssdk.services.cloudfront.url.SignedUrl;
public class SigningUtilities {
private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class);
private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create();
public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities
.getCookiesForCannedPolicy(cannedSignerRequest);
logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue());
return cookiesForCannedPolicy;
}
public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) {
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities
.getCookiesForCustomPolicy(customSignerRequest);
logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue());
return cookiesForCustomPolicy;
}
}
```
+ Para obter detalhes da API, consulte [CloudFrontUtilities](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CloudFrontUtilities)a *Referência AWS SDK for Java 2.x da API*.