文档 AWS SDK 示例 GitHub 存储库中还有更多 [S AWS DK 示例](https://github.com/awsdocs/aws-doc-sdk-examples)。本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。 # 使用的代码示 CloudFront 例 AWS SDKs 以下代码示例向您展示了如何将 Amazon CloudFront 与 AWS 软件开发套件 (SDK) 配合使用。 *操作*是大型程序的代码摘录，必须在上下文中运行。您可以通过操作了解如何调用单个服务函数，还可以通过函数相关场景的上下文查看操作。 *场景*是向您展示如何通过在一个服务中调用多个函数或与其他 AWS 服务服务结合来完成特定任务的代码示例。 **更多资源** + **[ CloudFront 开发者指南](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html)** —有关的更多信息 CloudFront. + **[CloudFront API 参考](https://docs.aws.amazon.com/cloudfront/latest/APIReference/Welcome.html)**-有关所有可用 CloudFront 操作的详细信息。 + **[AWS 开发者中心](https://aws.amazon.com/developer/code-examples/?awsf.sdk-code-examples-product=product%23cloudfront)** — 您可以按类别或全文搜索筛选的代码示例。 + **[AWS SDK 示例](https://github.com/awsdocs/aws-doc-sdk-examples)** — 包含首选语言完整代码的 GitHub 存储库。包括有关设置和运行代码的说明。 **Contents** + [基本功能](cloudfront_code_examples_basics.md) + [操作](cloudfront_code_examples_actions.md) + [`CreateDistribution`](cloudfront_example_cloudfront_CreateDistribution_section.md) + [`CreateFunction`](cloudfront_example_cloudfront_CreateFunction_section.md) + [`CreateInvalidation`](cloudfront_example_cloudfront_CreateInvalidation_section.md) + [`CreateKeyGroup`](cloudfront_example_cloudfront_CreateKeyGroup_section.md) + [`CreatePublicKey`](cloudfront_example_cloudfront_CreatePublicKey_section.md) + [`DeleteDistribution`](cloudfront_example_cloudfront_DeleteDistribution_section.md) + [`GetCloudFrontOriginAccessIdentity`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentity_section.md) + [`GetCloudFrontOriginAccessIdentityConfig`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentityConfig_section.md) + [`GetDistribution`](cloudfront_example_cloudfront_GetDistribution_section.md) + [`GetDistributionConfig`](cloudfront_example_cloudfront_GetDistributionConfig_section.md) + [`ListCloudFrontOriginAccessIdentities`](cloudfront_example_cloudfront_ListCloudFrontOriginAccessIdentities_section.md) + [`ListDistributions`](cloudfront_example_cloudfront_ListDistributions_section.md) + [`UpdateDistribution`](cloudfront_example_cloudfront_UpdateDistribution_section.md) + [场景](cloudfront_code_examples_scenarios.md) + [创建多租户分配和分配租户](cloudfront_example_cloudfront_CreateSaasResources_section.md) + [删除签名资源](cloudfront_example_cloudfront_DeleteSigningResources_section.md) + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) + [签名 URLs 和饼干](cloudfront_example_cloudfront_CloudFrontUtilities_section.md) + [CloudFront 函数示例](cloudfront_code_examples_cloudfront_functions_examples.md) + [添加 HTTP 安全标头](cloudfront_example_cloudfront_functions_add_security_headers_section.md) + [添加 CORS 标头](cloudfront_example_cloudfront_functions_add_cors_header_section.md) + [添加缓存控制标头](cloudfront_example_cloudfront_functions_add_cache_control_header_section.md) + [添加真实客户端 IP 标头](cloudfront_example_cloudfront_functions_add_true_client_ip_header_section.md) + [添加源标头](cloudfront_example_cloudfront_functions_add_origin_header_section.md) + [将 index.html 添加到请求中 URLs](cloudfront_example_cloudfront_functions_url_rewrite_single_page_apps_section.md) + [标准化查询字符串参数](cloudfront_example_cloudfront_functions_normalize_query_string_parameters_section.md) + [重定向到新 URL](cloudfront_example_cloudfront_functions_redirect_based_on_country_section.md) + [重写请求 URI](cloudfront_example_cloudfront_functions_kvs_conditional_read_section.md) + [选择离查看器更近的来源](cloudfront_example_cloudfront_functions_select_origin_based_on_country_section.md) + [使用键值对](cloudfront_example_cloudfront_functions_kvs_key_value_pairs_section.md) + [验证简单令牌](cloudfront_example_cloudfront_functions_kvs_jwt_verify_section.md) # 使用的基本示 CloudFront 例 AWS SDKs 以下代码示例展示了如何使用 Amazon CloudFront 的基础知识 AWS SDKs。 **Contents** + [操作](cloudfront_code_examples_actions.md) + [`CreateDistribution`](cloudfront_example_cloudfront_CreateDistribution_section.md) + [`CreateFunction`](cloudfront_example_cloudfront_CreateFunction_section.md) + [`CreateInvalidation`](cloudfront_example_cloudfront_CreateInvalidation_section.md) + [`CreateKeyGroup`](cloudfront_example_cloudfront_CreateKeyGroup_section.md) + [`CreatePublicKey`](cloudfront_example_cloudfront_CreatePublicKey_section.md) + [`DeleteDistribution`](cloudfront_example_cloudfront_DeleteDistribution_section.md) + [`GetCloudFrontOriginAccessIdentity`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentity_section.md) + [`GetCloudFrontOriginAccessIdentityConfig`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentityConfig_section.md) + [`GetDistribution`](cloudfront_example_cloudfront_GetDistribution_section.md) + [`GetDistributionConfig`](cloudfront_example_cloudfront_GetDistributionConfig_section.md) + [`ListCloudFrontOriginAccessIdentities`](cloudfront_example_cloudfront_ListCloudFrontOriginAccessIdentities_section.md) + [`ListDistributions`](cloudfront_example_cloudfront_ListDistributions_section.md) + [`UpdateDistribution`](cloudfront_example_cloudfront_UpdateDistribution_section.md) # CloudFront 使用的操作 AWS SDKs 以下代码示例演示了如何使用执行单个 CloudFront操作 AWS SDKs。每个示例都包含一个指向的链接 GitHub，您可以在其中找到有关设置和运行代码的说明。这些摘录调用 CloudFront API，是大型程序的代码摘录，这些程序必须在上下文中运行。您可以在[CloudFront 使用场景 AWS SDKs](cloudfront_code_examples_scenarios.md)中结合上下文查看操作。以下示例仅包括最常用的操作。如需完整列表，请参阅 [Amazon CloudFront API 参考](https://docs.aws.amazon.com/cloudfront/latest/APIReference/Welcome.html)。 **Topics** + [`CreateDistribution`](cloudfront_example_cloudfront_CreateDistribution_section.md) + [`CreateFunction`](cloudfront_example_cloudfront_CreateFunction_section.md) + [`CreateInvalidation`](cloudfront_example_cloudfront_CreateInvalidation_section.md) + [`CreateKeyGroup`](cloudfront_example_cloudfront_CreateKeyGroup_section.md) + [`CreatePublicKey`](cloudfront_example_cloudfront_CreatePublicKey_section.md) + [`DeleteDistribution`](cloudfront_example_cloudfront_DeleteDistribution_section.md) + [`GetCloudFrontOriginAccessIdentity`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentity_section.md) + [`GetCloudFrontOriginAccessIdentityConfig`](cloudfront_example_cloudfront_GetCloudFrontOriginAccessIdentityConfig_section.md) + [`GetDistribution`](cloudfront_example_cloudfront_GetDistribution_section.md) + [`GetDistributionConfig`](cloudfront_example_cloudfront_GetDistributionConfig_section.md) + [`ListCloudFrontOriginAccessIdentities`](cloudfront_example_cloudfront_ListCloudFrontOriginAccessIdentities_section.md) + [`ListDistributions`](cloudfront_example_cloudfront_ListDistributions_section.md) + [`UpdateDistribution`](cloudfront_example_cloudfront_UpdateDistribution_section.md) # `CreateDistribution`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `CreateDistribution`。操作示例是大型程序的代码摘录，必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文： + [创建多租户分配和分配租户](cloudfront_example_cloudfront_CreateSaasResources_section.md) + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) ------ #### [ CLI ] **AWS CLI** **示例 1：创建 CloudFront 分配** 以下 `create-distribution` 示例使用命令行参数，为名为 `amzn-s3-demo-bucket` 的 S3 存储桶创建分配，还将 `index.html` 指定为默认根对象。 ``` aws cloudfront create-distribution \ --origin-domain-name amzn-s3-demo-bucket.s3.amazonaws.com \ --default-root-object index.html ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE", "ETag": "E9LHASXEXAMPLE", "Distribution": { "Id": "EMLARXS9EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-11-22T00:55:15.705Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } } ``` **示例 2：使用 JSON 文件创建 CloudFront 分配** 以下 `create-distribution` 示例使用 JSON 文件，为名为 `amzn-s3-demo-bucket` 的 S3 存储桶创建分配，还将 `index.html` 指定为默认根对象。 ``` aws cloudfront create-distribution \ --distribution-config file://dist-config.json ``` `dist-config.json` 的内容： ``` { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } ``` 有关输出示例，请参阅示例 1。 **示例 3：使用证书创建 CloudFront 多租户分发** 以下`create-distribution`示例创建了一个支持多租户的 CloudFront 分配，并指定了 TLS 证书。 ``` aws cloudfront create-distribution \ --distribution-config file://dist-config.json ``` `dist-config.json` 的内容： ``` { "CallerReference": "cli-example-with-cert", "Comment": "CLI example distribution", "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "/{{tenantName}}", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", "ViewerProtocolPolicy": "allow-all", "AllowedMethods": { "Quantity": 2, "Items": ["HEAD", "GET"], "CachedMethods": { "Quantity": 2, "Items": ["HEAD", "GET"] } } }, "Enabled": true, "ViewerCertificate": { "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/191306a1-db01-49ca-90ef-fc414ee5dabc", "SSLSupportMethod": "sni-only" }, "HttpVersion": "http2", "ConnectionMode": "tenant-only", "TenantConfig": { "ParameterDefinitions": [ { "Name": "tenantName", "Definition": { "StringSchema": { "Comment": "tenantName parameter", "DefaultValue": "root", "Required": false } } } ] } } ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E1HVIAU7UABC", "ETag": "E20LT7R1BABC", "Distribution": { "Id": "E1HVIAU7U12ABC", "ARN": "arn:aws:cloudfront::123456789012:distribution/E1HVIAU7U12ABC", "Status": "InProgress", "LastModifiedTime": "2025-07-10T20:33:31.117000+00:00", "InProgressInvalidationBatches": 0, "DomainName": "example.com", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "ActiveTrustedKeyGroups": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example-with-cert", "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "/{{tenantName}}", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" }, "ConnectionAttempts": 3, "ConnectionTimeout": 10, "OriginShield": { "Enabled": false }, "OriginAccessControlId": "" } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "TrustedKeyGroups": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "AllowedMethods": { "Quantity": 2, "Items": ["HEAD", "GET"], "CachedMethods": { "Quantity": 2, "Items": ["HEAD", "GET"] } }, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", "GrpcConfig": { "Enabled": false } }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "CLI example distribution", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": false, "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc", "SSLSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1.2_2021", "Certificate": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc", "CertificateSource": "acm" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "TenantConfig": { "ParameterDefinitions": [ { "Name": "tenantName", "Definition": { "StringSchema": { "Comment": "tenantName parameter", "DefaultValue": "root", "Required": false } } } ] }, "ConnectionMode": "tenant-only" } } } ``` 有关更多信息，请参阅《*Amazon CloudFront 开发者指南*》中的[使用分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html)。 **示例 4：创建不带证书的 CloudFront 多租户分发** 以下`create-distribution`示例创建了一个支持多租户但没有 TLS 证书的 CloudFront 分发。 ``` aws cloudfront create-distribution \ --distribution-config file://dist-config.json ``` `dist-config.json` 的内容： ``` { "CallerReference": "cli-example", "Comment": "CLI example distribution", "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "/{{tenantName}}", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", "ViewerProtocolPolicy": "allow-all", "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } } }, "Enabled": true, "HttpVersion": "http2", "ConnectionMode": "tenant-only", "TenantConfig": { "ParameterDefinitions": [ { "Name": "tenantName", "Definition": { "StringSchema": { "Comment": "tenantName parameter", "DefaultValue": "root", "Required": false } } } ] } } ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E2GJ5J9QN12ABC", "ETag": "E37YLVVQIABC", "Distribution": { "Id": "E2GJ5J9QNABC", "ARN": "arn:aws:cloudfront::123456789012:distribution/E2GJ5J9QN12ABC", "Status": "InProgress", "LastModifiedTime": "2025-07-10T20:35:20.565000+00:00", "InProgressInvalidationBatches": 0, "DomainName": "example.com", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "ActiveTrustedKeyGroups": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example-no-cert", "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "/{{tenantName}}", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" }, "ConnectionAttempts": 3, "ConnectionTimeout": 10, "OriginShield": { "Enabled": false }, "OriginAccessControlId": "" } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "TrustedKeyGroups": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", "GrpcConfig": { "Enabled": false } }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "CLI example distribution", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "SSLSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "TenantConfig": { "ParameterDefinitions": [ { "Name": "tenantName", "Definition": { "StringSchema": { "Comment": "tenantName parameter", "DefaultValue": "root", "Required": false } } } ] }, "ConnectionMode": "tenant-only" } } } ``` 有关更多信息，请参阅 *Amazon CloudFront 开发者指南*中的[配置分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html)。 + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[CreateDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-distribution.html)*中的。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。以下示例使用 Amazon Simple Storage Service (Amazon S3) 桶作为内容来源。创建发行版后，代码会创建一个 [CloudFrontWaiter](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/waiters/CloudFrontWaiter.html)，等待发行版部署完毕后再返回发行版。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.ItemSelection; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateDistribution { private static final Logger logger = LoggerFactory.getLogger(CreateDistribution.class); public static Distribution createDistribution(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String keyGroupId, final String originAccessControlId) { final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. // The service API requires some deprecated methods, such as // DefaultCacheBehavior.Builder#minTTL and #forwardedValue. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")) .originAccessControlId( originAccessControlId))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .minTTL(200L) .forwardedValues(b5 -> b5 .cookies(cp -> cp .forward(ItemSelection.NONE)) .queryString(true)) .trustedKeyGroups(b3 -> b3 .quantity(1) .items(keyGroupId) .enabled(true)) .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET) .cachedMethods(b5 -> b5 .quantity(2) .items(Method.HEAD, Method.GET)))) .cacheBehaviors(b -> b .quantity(1) .items(b2 -> b2 .pathPattern("/index.html") .viewerProtocolPolicy( ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .trustedKeyGroups(b3 -> b3 .quantity(1) .items(keyGroupId) .enabled(true)) .minTTL(200L) .forwardedValues(b4 -> b4 .cookies(cp -> cp .forward(ItemSelection.NONE)) .queryString(true)) .allowedMethods(b5 -> b5.quantity(2) .items(Method.HEAD, Method.GET) .cachedMethods(b6 -> b6 .quantity(2) .items(Method.HEAD, Method.GET))))) .enabled(true) .comment("Distribution built with java") .callerReference(Instant.now().toString()))); final Distribution distribution = createDistResponse.distribution(); logger.info("Distribution created. DomainName: [{}] Id: [{}]", distribution.domainName(), distribution.id()); logger.info("Waiting for distribution to be deployed ..."); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); logger.info("Distribution deployed. DomainName: [{}] Id: [{}]", distribution.domainName(), distribution.id()); } return distribution; } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：创建配置了日志和缓存的基本 CloudFront 发行版。** ``` $origin = New-Object Amazon.CloudFront.Model.Origin $origin.DomainName = "amzn-s3-demo-bucket.s3.amazonaws.com" $origin.Id = "UniqueOrigin1" $origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig $origin.S3OriginConfig.OriginAccessIdentity = "" New-CFDistribution ` -DistributionConfig_Enabled $true ` -DistributionConfig_Comment "Test distribution" ` -Origins_Item $origin ` -Origins_Quantity 1 ` -Logging_Enabled $true ` -Logging_IncludeCookie $true ` -Logging_Bucket amzn-s3-demo-logging-bucket.s3.amazonaws.com ` -Logging_Prefix "help/" ` -DistributionConfig_CallerReference Client1 ` -DistributionConfig_DefaultRootObject index.html ` -DefaultCacheBehavior_TargetOriginId $origin.Id ` -ForwardedValues_QueryString $true ` -Cookies_Forward all ` -WhitelistedNames_Quantity 0 ` -TrustedSigners_Enabled $false ` -TrustedSigners_Quantity 0 ` -DefaultCacheBehavior_ViewerProtocolPolicy allow-all ` -DefaultCacheBehavior_MinTTL 1000 ` -DistributionConfig_PriceClass "PriceClass_All" ` -CacheBehaviors_Quantity 0 ` -Aliases_Quantity 0 ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [CreateDistribution](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：创建配置了日志和缓存的基本 CloudFront 发行版。** ``` $origin = New-Object Amazon.CloudFront.Model.Origin $origin.DomainName = "amzn-s3-demo-bucket.s3.amazonaws.com" $origin.Id = "UniqueOrigin1" $origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig $origin.S3OriginConfig.OriginAccessIdentity = "" New-CFDistribution ` -DistributionConfig_Enabled $true ` -DistributionConfig_Comment "Test distribution" ` -Origins_Item $origin ` -Origins_Quantity 1 ` -Logging_Enabled $true ` -Logging_IncludeCookie $true ` -Logging_Bucket amzn-s3-demo-logging-bucket.s3.amazonaws.com ` -Logging_Prefix "help/" ` -DistributionConfig_CallerReference Client1 ` -DistributionConfig_DefaultRootObject index.html ` -DefaultCacheBehavior_TargetOriginId $origin.Id ` -ForwardedValues_QueryString $true ` -Cookies_Forward all ` -WhitelistedNames_Quantity 0 ` -TrustedSigners_Enabled $false ` -TrustedSigners_Quantity 0 ` -DefaultCacheBehavior_ViewerProtocolPolicy allow-all ` -DefaultCacheBehavior_MinTTL 1000 ` -DistributionConfig_PriceClass "PriceClass_All" ` -CacheBehaviors_Quantity 0 ` -Aliases_Quantity 0 ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [CreateDistribution](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # 与 AWS SDK `CreateFunction` 配合使用以下代码示例演示了如何使用 `CreateFunction`。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` import software.amazon.awssdk.core.SdkBytes; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CloudFrontException; import software.amazon.awssdk.services.cloudfront.model.CreateFunctionRequest; import software.amazon.awssdk.services.cloudfront.model.CreateFunctionResponse; import software.amazon.awssdk.services.cloudfront.model.FunctionConfig; import software.amazon.awssdk.services.cloudfront.model.FunctionRuntime; import java.io.InputStream; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class CreateFunction { public static void main(String[] args) { final String usage = """ Usage: Where: functionName - The name of the function to create.\s filePath - The path to a file that contains the application logic for the function.\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String functionName = args[0]; String filePath = args[1]; CloudFrontClient cloudFrontClient = CloudFrontClient.builder() .region(Region.AWS_GLOBAL) .build(); String funArn = createNewFunction(cloudFrontClient, functionName, filePath); System.out.println("The function ARN is " + funArn); cloudFrontClient.close(); } public static String createNewFunction(CloudFrontClient cloudFrontClient, String functionName, String filePath) { try { InputStream fileIs = CreateFunction.class.getClassLoader().getResourceAsStream(filePath); SdkBytes functionCode = SdkBytes.fromInputStream(fileIs); FunctionConfig config = FunctionConfig.builder() .comment("Created by using the CloudFront Java API") .runtime(FunctionRuntime.CLOUDFRONT_JS_1_0) .build(); CreateFunctionRequest functionRequest = CreateFunctionRequest.builder() .name(functionName) .functionCode(functionCode) .functionConfig(config) .build(); CreateFunctionResponse response = cloudFrontClient.createFunction(functionRequest); return response.functionSummary().functionMetadata().functionARN(); } catch (CloudFrontException e) { System.err.println(e.getMessage()); System.exit(1); } return ""; } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[CreateFunction](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateFunction)*中的。 ------ # 将 `CreateInvalidation` 与 CLI 配合使用以下代码示例演示如何使用 `CreateInvalidation`。 ------ #### [ CLI ] **AWS CLI** **为分配创建失效状态 CloudFront ** 以下`create-invalidation`示例为指定 CloudFront 发行版中的指定文件创建失效： ``` aws cloudfront create-invalidation \ --distribution-id EDFDVBD6EXAMPLE \ --paths "/example-path/example-file.jpg" "/example-path/example-file2.png" ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I1JLWSDAP8FU89", "Invalidation": { "Id": "I1JLWSDAP8FU89", "Status": "InProgress", "CreateTime": "2019-12-05T18:24:51.407Z", "InvalidationBatch": { "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file2.png", "/example-path/example-file.jpg" ] }, "CallerReference": "cli-1575570291-670203" } } } ``` 在前面的示例中， AWS CLI 自动生成了一个随机值`CallerReference`。要指定自己的 `CallerReference`，或者为了避免将失效参数作为命令行参数传递，可以使用 JSON 文件。以下示例通过在名为 `inv-batch.json` 的 JSON 文件中提供失效参数，为两个文件创建失效： ``` aws cloudfront create-invalidation \ --distribution-id EDFDVBD6EXAMPLE \ --invalidation-batch file://inv-batch.json ``` `inv-batch.json` 的内容： ``` { "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file.jpg", "/example-path/example-file2.png" ] }, "CallerReference": "cli-example" } ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I2J0I21PCUYOIK", "Invalidation": { "Id": "I2J0I21PCUYOIK", "Status": "InProgress", "CreateTime": "2019-12-05T18:40:49.413Z", "InvalidationBatch": { "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file.jpg", "/example-path/example-file2.png" ] }, "CallerReference": "cli-example" } } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[CreateInvalidation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-invalidation.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：此示例在 ID 为 EXAMPLENSTXAXE 的分配上创建一个新的失效。 CallerReference 是用户选择的唯一 ID；在本例中，使用代表 2019 年 5 月 15 日上午 9:00 的时间戳。\$1Paths 变量存储了用户不希望将其作为分配缓存一部分的图像和媒体文件的三个路径。-Paths\$1Quantity 参数值是在 -Paths\$1Item 参数中指定的路径总数。** ``` $Paths = "/images/*.gif", "/images/image1.jpg", "/videos/*.mp4" New-CFInvalidation -DistributionId "EXAMPLENSTXAXE" -InvalidationBatch_CallerReference 20190515090000 -Paths_Item $Paths -Paths_Quantity 3 ``` **输出**： ``` Invalidation Location ------------ -------- Amazon.CloudFront.Model.Invalidation https://cloudfront.amazonaws.com/2018-11-05/distribution/EXAMPLENSTXAXE/invalidation/EXAMPLE8NOK9H ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [CreateInvalidation](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：此示例在 ID 为 EXAMPLENSTXAXE 的分配上创建一个新的失效。 CallerReference 是用户选择的唯一 ID；在本例中，使用代表 2019 年 5 月 15 日上午 9:00 的时间戳。\$1Paths 变量存储了用户不希望将其作为分配缓存一部分的图像和媒体文件的三个路径。-Paths\$1Quantity 参数值是在 -Paths\$1Item 参数中指定的路径总数。** ``` $Paths = "/images/*.gif", "/images/image1.jpg", "/videos/*.mp4" New-CFInvalidation -DistributionId "EXAMPLENSTXAXE" -InvalidationBatch_CallerReference 20190515090000 -Paths_Item $Paths -Paths_Quantity 3 ``` **输出**： ``` Invalidation Location ------------ -------- Amazon.CloudFront.Model.Invalidation https://cloudfront.amazonaws.com/2018-11-05/distribution/EXAMPLENSTXAXE/invalidation/EXAMPLE8NOK9H ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [CreateInvalidation](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # 与 AWS SDK `CreateKeyGroup` 配合使用以下代码示例演示了如何使用 `CreateKeyGroup`。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。密钥组需要至少一个用于验证已签名 URLs 或 Cookie 的公钥。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import java.util.UUID; public class CreateKeyGroup { private static final Logger logger = LoggerFactory.getLogger(CreateKeyGroup.class); public static String createKeyGroup(CloudFrontClient cloudFrontClient, String publicKeyId) { String keyGroupId = cloudFrontClient.createKeyGroup(b -> b.keyGroupConfig(c -> c .items(publicKeyId) .name("JavaKeyGroup" + UUID.randomUUID()))) .keyGroup().id(); logger.info("KeyGroup created with ID: [{}]", keyGroupId); return keyGroupId; } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[CreateKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateKeyGroup)*中的。 ------ # `CreatePublicKey`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `CreatePublicKey`。 ------ #### [ CLI ] **AWS CLI** **创建 CloudFront 公钥** 以下示例通过在名为的 JSON 文件中提供参数来创建 CloudFront 公钥`pub-key-config.json`。必须先拥有 PEM 编码的公钥，然后才能使用此命令。有关更多信息，请参阅《A *mazon CloudFront 开发者指南》*中的[创建 RSA 密钥对](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html#field-level-encryption-setting-up-step1)。 ``` aws cloudfront create-public-key \ --public-key-config file://pub-key-config.json ``` 文件 `pub-key-config.json` 是当前文件夹中包含以下内容的 JSON 文档：请注意，公钥以 PEM 格式编码。 ``` { "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" } ``` 输出： ``` { "Location": "https://cloudfront.amazonaws.com/2019-03-26/public-key/KDFB19YGCR002", "ETag": "E2QWRUHEXAMPLE", "PublicKey": { "Id": "KDFB19YGCR002", "CreatedTime": "2019-12-05T18:51:43.781Z", "PublicKeyConfig": { "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" } } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[CreatePublicKey](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-public-key.html)*中的。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。以下代码示例读取公钥并将其上传到 Amazon CloudFront。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreatePublicKeyResponse; import software.amazon.awssdk.utils.IoUtils; import java.io.IOException; import java.io.InputStream; import java.util.UUID; public class CreatePublicKey { private static final Logger logger = LoggerFactory.getLogger(CreatePublicKey.class); public static String createPublicKey(CloudFrontClient cloudFrontClient, String publicKeyFileName) { try (InputStream is = CreatePublicKey.class.getClassLoader().getResourceAsStream(publicKeyFileName)) { String publicKeyString = IoUtils.toUtf8String(is); CreatePublicKeyResponse createPublicKeyResponse = cloudFrontClient .createPublicKey(b -> b.publicKeyConfig(c -> c .name("JavaCreatedPublicKey" + UUID.randomUUID()) .encodedKey(publicKeyString) .callerReference(UUID.randomUUID().toString()))); String createdPublicKeyId = createPublicKeyResponse.publicKey().id(); logger.info("Public key created with id: [{}]", createdPublicKeyId); return createdPublicKeyId; } catch (IOException e) { throw new RuntimeException(e); } } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[CreatePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreatePublicKey)*中的。 ------ # `DeleteDistribution`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `DeleteDistribution`。操作示例是大型程序的代码摘录，必须在上下文中运行。在以下代码示例中，您可以查看此操作的上下文： + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) ------ #### [ CLI ] **AWS CLI** **删除分 CloudFront 配** 以下示例删除标识为 ID 的 CloudFront 分配`EDFDVBD6EXAMPLE`。删除分配之前，必须先禁用它。要禁用分配，请使用 update-distribution 命令。有关更多信息，请参阅 update-distribution 示例。分配已禁用，您可以将其删除。要删除分配，您必须使用 `--if-match` 选项来提供分配的 `ETag`。要获取`ETag`，请使用 get-distribution 或get-distribution-config 命令。 ``` aws cloudfront delete-distribution \ --id EDFDVBD6EXAMPLE \ --if-match E2QWRUHEXAMPLE ``` 成功时，此命令没有输出。 + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[DeleteDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-distribution.html)*中的。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。以下代码示例将分配更新为*禁用*，使用 waiter 等待更改部署完成，然后删除该分配。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.DeleteDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionConfig; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; public class DeleteDistribution { private static final Logger logger = LoggerFactory.getLogger(DeleteDistribution.class); public static void deleteDistribution(final CloudFrontClient cloudFrontClient, final String distributionId) { // First, disable the distribution by updating it. GetDistributionResponse response = cloudFrontClient.getDistribution(b -> b .id(distributionId)); String etag = response.eTag(); DistributionConfig distConfig = response.distribution().distributionConfig(); cloudFrontClient.updateDistribution(builder -> builder .id(distributionId) .distributionConfig(builder1 -> builder1 .cacheBehaviors(distConfig.cacheBehaviors()) .defaultCacheBehavior(distConfig.defaultCacheBehavior()) .enabled(false) .origins(distConfig.origins()) .comment(distConfig.comment()) .callerReference(distConfig.callerReference()) .defaultCacheBehavior(distConfig.defaultCacheBehavior()) .priceClass(distConfig.priceClass()) .aliases(distConfig.aliases()) .logging(distConfig.logging()) .defaultRootObject(distConfig.defaultRootObject()) .customErrorResponses(distConfig.customErrorResponses()) .httpVersion(distConfig.httpVersion()) .isIPV6Enabled(distConfig.isIPV6Enabled()) .restrictions(distConfig.restrictions()) .viewerCertificate(distConfig.viewerCertificate()) .webACLId(distConfig.webACLId()) .originGroups(distConfig.originGroups())) .ifMatch(etag)); logger.info("Distribution [{}] is DISABLED, waiting for deployment before deleting ...", distributionId); GetDistributionResponse distributionResponse; try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distributionId)).matched(); distributionResponse = responseOrException.response() .orElseThrow(() -> new RuntimeException("Could not disable distribution")); } DeleteDistributionResponse deleteDistributionResponse = cloudFrontClient .deleteDistribution(builder -> builder .id(distributionId) .ifMatch(distributionResponse.eTag())); if (deleteDistributionResponse.sdkHttpResponse().isSuccessful()) { logger.info("Distribution [{}] DELETED", distributionId); } } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[DeleteDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteDistribution)*中的。 ------ # 将 `GetCloudFrontOriginAccessIdentity` 与 CLI 配合使用以下代码示例演示如何使用 `GetCloudFrontOriginAccessIdentity`。 ------ #### [ CLI ] **AWS CLI** **获取 CloudFront 源站访问身份** 以下示例获取带有 ID 的 CloudFront 源访问身份 (OAI)`E74FTE3AEXAMPLE`，包括其`ETag`和关联的 S3 规范 ID。OAI ID 将在-access-identity 和 create-cloud-front-origin-access-identitions 命令的输出中返回。list-cloud-front-origin ``` aws cloudfront get-cloud-front-origin-access-identity --id E74FTE3AEXAMPLE ``` 输出： ``` { "ETag": "E2QWRUHEXAMPLE", "CloudFrontOriginAccessIdentity": { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI" } } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[GetCloudFrontOriginAccessIdentity](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-cloud-front-origin-access-identity.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：此示例返回由-Id 参数指定的特定亚马逊 CloudFront 源访问身份。尽管不需要 -Id 参数，但如果您不指定该参数，则不会返回任何结果。** ``` Get-CFCloudFrontOriginAccessIdentity -Id E3XXXXXXXXXXRT ``` **输出**： ``` CloudFrontOriginAccessIdentityConfig Id S3CanonicalUserId ------------------------------------ -- ----------------- Amazon.CloudFront.Model.CloudFrontOr... E3XXXXXXXXXXRT 4b6e... ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [GetCloudFrontOriginAccessIdentity](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：此示例返回由-Id 参数指定的特定亚马逊 CloudFront 源访问身份。尽管不需要 -Id 参数，但如果您不指定该参数，则不会返回任何结果。** ``` Get-CFCloudFrontOriginAccessIdentity -Id E3XXXXXXXXXXRT ``` **输出**： ``` CloudFrontOriginAccessIdentityConfig Id S3CanonicalUserId ------------------------------------ -- ----------------- Amazon.CloudFront.Model.CloudFrontOr... E3XXXXXXXXXXRT 4b6e... ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [GetCloudFrontOriginAccessIdentity](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # 将 `GetCloudFrontOriginAccessIdentityConfig` 与 CLI 配合使用以下代码示例演示如何使用 `GetCloudFrontOriginAccessIdentityConfig`。 ------ #### [ CLI ] **AWS CLI** **获取 CloudFront 源站访问身份配置** 以下示例获取有关带有 ID 的 CloudFront 源访问身份 (OAI) 的元数据`E74FTE3AEXAMPLE`，包括其`ETag`。OAI ID 将在-access-identity 和 create-cloud-front-origin-access-identitions 命令的输出中返回。list-cloud-front-origin ``` aws cloudfront get-cloud-front-origin-access-identity-config --id E74FTE3AEXAMPLE ``` 输出： ``` { "ETag": "E2QWRUHEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI" } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[GetCloudFrontOriginAccessIdentityConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-cloud-front-origin-access-identity-config.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：此示例返回有关单个 Amazon CloudFront 源访问身份的配置信息，该身份由-Id 参数指定。如果未指定 -Id 参数，则会出现错误。** ``` Get-CFCloudFrontOriginAccessIdentityConfig -Id E3XXXXXXXXXXRT ``` **输出**： ``` CallerReference Comment --------------- ------- mycallerreference: 2/1/2011 1:16:32 PM Caller reference: 2/1/2011 1:16:32 PM ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [GetCloudFrontOriginAccessIdentityConfig](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：此示例返回有关单个 Amazon CloudFront 源访问身份的配置信息，该身份由-Id 参数指定。如果未指定 -Id 参数，则会出现错误。** ``` Get-CFCloudFrontOriginAccessIdentityConfig -Id E3XXXXXXXXXXRT ``` **输出**： ``` CallerReference Comment --------------- ------- mycallerreference: 2/1/2011 1:16:32 PM Caller reference: 2/1/2011 1:16:32 PM ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [GetCloudFrontOriginAccessIdentityConfig](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # 将 `GetDistribution` 与 CLI 配合使用以下代码示例演示如何使用 `GetDistribution`。操作示例是大型程序的代码摘录，必须在上下文中运行。在以下代码示例中，您可以查看此操作的上下文： + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) ------ #### [ CLI ] **AWS CLI** **要获得分 CloudFront 发** 以下`get-distribution`示例获取带有 ID 的 CloudFront 分配`EDFDVBD6EXAMPLE`，包括其`ETag`。分配 ID 将在 create-distribution 和 list-distributions 命令中返回。 ``` aws cloudfront get-distribution \ --id EDFDVBD6EXAMPLE ``` 输出： ``` { "ETag": "E2QWRUHEXAMPLE", "Distribution": { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "Deployed", "LastModifiedTime": "2019-12-04T23:35:41.433Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[GetDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：检索有关特定分配的信息。** ``` Get-CFDistribution -Id EXAMPLE0000ID ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [GetDistribution](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：检索有关特定分配的信息。** ``` Get-CFDistribution -Id EXAMPLE0000ID ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [GetDistribution](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # `GetDistributionConfig`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `GetDistributionConfig`。操作示例是大型程序的代码摘录，必须在上下文中运行。在以下代码示例中，您可以查看此操作的上下文： + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) ------ #### [ CLI ] **AWS CLI** **获取分 CloudFront 发配置** 以下示例获取有关带有 ID 的 CloudFront 分配的元数据`EDFDVBD6EXAMPLE`，包括其`ETag`。分配 ID 将在 create-distribution 和 list-distributions 命令中返回。 ``` aws cloudfront get-distribution-config \ --id EDFDVBD6EXAMPLE ``` 输出： ``` { "ETag": "E2QWRUHEXAMPLE", "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[GetDistributionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution-config.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：检索有关特定分配的配置。** ``` Get-CFDistributionConfig -Id EXAMPLE0000ID ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [GetDistributionConfig](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：检索有关特定分配的配置。** ``` Get-CFDistributionConfig -Id EXAMPLE0000ID ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [GetDistributionConfig](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ #### [ Python ] **适用于 Python 的 SDK（Boto3）** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` class CloudFrontWrapper: """Encapsulates Amazon CloudFront operations.""" def __init__(self, cloudfront_client): """ :param cloudfront_client: A Boto3 CloudFront client """ self.cloudfront_client = cloudfront_client def update_distribution(self): distribution_id = input( "This script updates the comment for a CloudFront distribution.\n" "Enter a CloudFront distribution ID: " ) distribution_config_response = self.cloudfront_client.get_distribution_config( Id=distribution_id ) distribution_config = distribution_config_response["DistributionConfig"] distribution_etag = distribution_config_response["ETag"] distribution_config["Comment"] = input( f"\nThe current comment for distribution {distribution_id} is " f"'{distribution_config['Comment']}'.\n" f"Enter a new comment: " ) self.cloudfront_client.update_distribution( DistributionConfig=distribution_config, Id=distribution_id, IfMatch=distribution_etag, ) print("Done!") ``` + 有关 API 的详细信息，请参阅适用[GetDistributionConfig](https://docs.aws.amazon.com/goto/boto3/cloudfront-2020-05-31/GetDistributionConfig)于 *Python 的AWS SDK (Boto3) API 参考*。 ------ # 将 `ListCloudFrontOriginAccessIdentities` 与 CLI 配合使用以下代码示例演示如何使用 `ListCloudFrontOriginAccessIdentities`。 ------ #### [ CLI ] **AWS CLI** **列出 CloudFront 源访问身份** 以下示例获取了您 AWS 账户中的 CloudFront 原始访问身份 (OAIs) 的列表： ``` aws cloudfront list-cloud-front-origin-access-identities ``` 输出： ``` { "CloudFrontOriginAccessIdentityList": { "Items": [ { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "Comment": "Example OAI" }, { "Id": "EH1HDMBEXAMPLE", "S3CanonicalUserId": "1489f6f2e6faacaae7ff64c4c3e6956c24f78788abfc1718c3527c263bf7a17EXAMPLE", "Comment": "Test OAI" }, { "Id": "E2X2C9TEXAMPLE", "S3CanonicalUserId": "cbfeebb915a64749f9be546a45b3fcfd3a31c779673c13c4dd460911ae402c2EXAMPLE", "Comment": "Example OAI #2" } ] } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[ListCloudFrontOriginAccessIdentities](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-cloud-front-origin-access-identities.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：此示例返回 Amazon CloudFront 来源访问身份列表。由于-MaxItem 参数指定的值为 2，因此结果包含两个恒等式。** ``` Get-CFCloudFrontOriginAccessIdentityList -MaxItem 2 ``` **输出**： ``` IsTruncated : True Items : {E326XXXXXXXXXT, E1YWXXXXXXX9B} Marker : MaxItems : 2 NextMarker : E1YXXXXXXXXX9B Quantity : 2 ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [ListCloudFrontOriginAccessIdentities](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：此示例返回 Amazon CloudFront 来源访问身份列表。由于-MaxItem 参数指定的值为 2，因此结果包含两个恒等式。** ``` Get-CFCloudFrontOriginAccessIdentityList -MaxItem 2 ``` **输出**： ``` IsTruncated : True Items : {E326XXXXXXXXXT, E1YWXXXXXXX9B} Marker : MaxItems : 2 NextMarker : E1YXXXXXXXXX9B Quantity : 2 ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [ListCloudFrontOriginAccessIdentities](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ # `ListDistributions`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `ListDistributions`。 ------ #### [ CLI ] **AWS CLI** **列出 CloudFront 发行版** 以下示例获取了您 AWS 账户中的 CloudFront 分配列表。 ``` aws cloudfront list-distributions ``` 输出： ``` { "DistributionList": { "Items": [ { "Id": "E23YS8OEXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/E23YS8OEXAMPLE", "Status": "Deployed", "LastModifiedTime": "2024-08-05T18:23:40.375000+00:00", "DomainName": "abcdefgh12ijk.cloudfront.net", "Aliases": { "Quantity": 0 }, "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" }, "ConnectionAttempts": 3, "ConnectionTimeout": 10, "OriginShield": { "Enabled": false }, "OriginAccessControlId": "EIAP8PEXAMPLE" } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "TrustedKeyGroups": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "Compress": true, "LambdaFunctionAssociations": { "Quantity": 0 }, "FunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e886EXAMPLE" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "SSLSupportMethod": "vip", "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "HTTP2", "IsIPV6Enabled": true, "Staging": false } ] } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[ListDistributions](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-distributions.html)*中的。 ------ #### [ PowerShell ] **适用于 PowerShell V4 的工具** **示例 1：返回分配。** ``` Get-CFDistributionList ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 4) [ListDistributions](https://docs.aws.amazon.com/powershell/v4/reference)中的。 **适用于 PowerShell V5 的工具** **示例 1：返回分配。** ``` Get-CFDistributionList ``` + 有关 API 的详细信息，请参阅 *AWS Tools for PowerShell Cmdlet 参考 (V* 5) [ListDistributions](https://docs.aws.amazon.com/powershell/v5/reference)中的。 ------ #### [ Python ] **适用于 Python 的 SDK（Boto3）** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` class CloudFrontWrapper: """Encapsulates Amazon CloudFront operations.""" def __init__(self, cloudfront_client): """ :param cloudfront_client: A Boto3 CloudFront client """ self.cloudfront_client = cloudfront_client def list_distributions(self): print("CloudFront distributions:\n") distributions = self.cloudfront_client.list_distributions() if distributions["DistributionList"]["Quantity"] > 0: for distribution in distributions["DistributionList"]["Items"]: print(f"Domain: {distribution['DomainName']}") print(f"Distribution Id: {distribution['Id']}") print( f"Certificate Source: " f"{distribution['ViewerCertificate']['CertificateSource']}" ) if distribution["ViewerCertificate"]["CertificateSource"] == "acm": print( f"Certificate: {distribution['ViewerCertificate']['Certificate']}" ) print("") else: print("No CloudFront distributions detected.") ``` + 有关 API 的详细信息，请参阅适用[ListDistributions](https://docs.aws.amazon.com/goto/boto3/cloudfront-2020-05-31/ListDistributions)于 *Python 的AWS SDK (Boto3) API 参考*。 ------ #### [ SAP ABAP ] **适用于 SAP ABAP 的 SDK** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/fnt#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` TRY. oo_result = lo_fnt->listdistributions( ). " oo_result is returned for testing purposes. " MESSAGE 'Retrieved list of CloudFront distributions.' TYPE 'I'. CATCH /aws1/cx_fntinvalidargument. MESSAGE 'Invalid argument provided.' TYPE 'E'. ENDTRY. ``` + 有关 API 的详细信息，请参阅适用[ListDistributions](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。 ------ # `UpdateDistribution`与 AWS SDK 或 CLI 配合使用以下代码示例演示如何使用 `UpdateDistribution`。操作示例是大型程序的代码摘录，必须在上下文中运行。在以下代码示例中，您可以查看此操作的上下文： + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) ------ #### [ CLI ] **AWS CLI** **示例 1：更新 CloudFront 分配的默认根对象** 以下示例将 CloudFront 分配的默认根对象更新为 ID `EDFDVBD6EXAMPLE`。`index.html` ``` aws cloudfront update-distribution \ --id EDFDVBD6EXAMPLE \ --default-root-object index.html ``` 输出： ``` { "ETag": "E2QWRUHEXAMPLE", "Distribution": { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-06T18:55:39.870Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "6b10378d-49be-4c4b-a642-419ccaf8f3b5", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "example-website", "DomainName": "www.example.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "CustomOriginConfig": { "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "match-viewer", "OriginSslProtocols": { "Quantity": 2, "Items": [ "SSLv3", "TLSv1" ] }, "OriginReadTimeout": 30, "OriginKeepaliveTimeout": 5 } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "example-website", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 1, "Items": [ "*" ] }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http1.1", "IsIPV6Enabled": true } } } ``` **示例 2：更新分 CloudFront 配** 以下示例`EMLARXS9EXAMPLE`通过在名`dist-config-disable.json`为的 CloudFront JSON 文件中提供分发配置来禁用 ID 的分发。要更新分配，您必须使用 `--if-match` 选项来提供分配的 `ETag`。要获取`ETag`，请使用 get-distribution 或 get-distribution-config命令。请注意，在 JSON 文件中，`Enabled` 字段设置为 `false`。使用以下示例禁用分配后，您可以使用 delete-distribute 命令将其删除。 ``` aws cloudfront update-distribution \ --id EMLARXS9EXAMPLE \ --if-match E2QWRUHEXAMPLE \ --distribution-config file://dist-config-disable.json ``` `dist-config-disable.json` 的内容： ``` { "CallerReference": "cli-1574382155-496510", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": false, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } ``` 输出： ``` { "ETag": "E9LHASXEXAMPLE", "Distribution": { "Id": "EMLARXS9EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-06T18:32:35.553Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-1574382155-496510", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": false, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } } ``` + 有关 API 的详细信息，请参阅*AWS CLI 命令参考[UpdateDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-distribution.html)*中的。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.GetDistributionRequest; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.DistributionConfig; import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionRequest; import software.amazon.awssdk.services.cloudfront.model.CloudFrontException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ModifyDistribution { public static void main(String[] args) { final String usage = """ Usage: \s Where: id - the id value of the distribution.\s """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String id = args[0]; CloudFrontClient cloudFrontClient = CloudFrontClient.builder() .region(Region.AWS_GLOBAL) .build(); modDistribution(cloudFrontClient, id); cloudFrontClient.close(); } public static void modDistribution(CloudFrontClient cloudFrontClient, String idVal) { try { // Get the Distribution to modify. GetDistributionRequest disRequest = GetDistributionRequest.builder() .id(idVal) .build(); GetDistributionResponse response = cloudFrontClient.getDistribution(disRequest); Distribution disObject = response.distribution(); DistributionConfig config = disObject.distributionConfig(); // Create a new DistributionConfig object and add new values to comment and // aliases DistributionConfig config1 = DistributionConfig.builder() .aliases(config.aliases()) // You can pass in new values here .comment("New Comment") .cacheBehaviors(config.cacheBehaviors()) .priceClass(config.priceClass()) .defaultCacheBehavior(config.defaultCacheBehavior()) .enabled(config.enabled()) .callerReference(config.callerReference()) .logging(config.logging()) .originGroups(config.originGroups()) .origins(config.origins()) .restrictions(config.restrictions()) .defaultRootObject(config.defaultRootObject()) .webACLId(config.webACLId()) .httpVersion(config.httpVersion()) .viewerCertificate(config.viewerCertificate()) .customErrorResponses(config.customErrorResponses()) .build(); UpdateDistributionRequest updateDistributionRequest = UpdateDistributionRequest.builder() .distributionConfig(config1) .id(disObject.id()) .ifMatch(response.eTag()) .build(); cloudFrontClient.updateDistribution(updateDistributionRequest); } catch (CloudFrontException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[UpdateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/UpdateDistribution)*中的。 ------ #### [ Python ] **适用于 Python 的 SDK（Boto3）** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` class CloudFrontWrapper: """Encapsulates Amazon CloudFront operations.""" def __init__(self, cloudfront_client): """ :param cloudfront_client: A Boto3 CloudFront client """ self.cloudfront_client = cloudfront_client def update_distribution(self): distribution_id = input( "This script updates the comment for a CloudFront distribution.\n" "Enter a CloudFront distribution ID: " ) distribution_config_response = self.cloudfront_client.get_distribution_config( Id=distribution_id ) distribution_config = distribution_config_response["DistributionConfig"] distribution_etag = distribution_config_response["ETag"] distribution_config["Comment"] = input( f"\nThe current comment for distribution {distribution_id} is " f"'{distribution_config['Comment']}'.\n" f"Enter a new comment: " ) self.cloudfront_client.update_distribution( DistributionConfig=distribution_config, Id=distribution_id, IfMatch=distribution_etag, ) print("Done!") ``` + 有关 API 的详细信息，请参阅适用[UpdateDistribution](https://docs.aws.amazon.com/goto/boto3/cloudfront-2020-05-31/UpdateDistribution)于 *Python 的AWS SDK (Boto3) API 参考*。 ------ #### [ SAP ABAP ] **适用于 SAP ABAP 的 SDK** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/fnt#code-examples)中查找完整示例，了解如何进行设置和运行。 ``` TRY. " Get the current distribution configuration and ETag " DATA(lo_distribution_config_result) = lo_fnt->getdistributionconfig( iv_id = iv_distribution_id ). DATA(lo_old_config) = lo_distribution_config_result->get_distributionconfig( ). DATA(lv_etag) = lo_distribution_config_result->get_etag( ). " Create a new distribution config with the updated comment " " Since the config object is immutable, we need to create a new one with all existing values " DATA(lo_new_config) = NEW /aws1/cl_fntdistributionconfig( iv_callerreference = lo_old_config->get_callerreference( ) io_aliases = lo_old_config->get_aliases( ) iv_defaultrootobject = lo_old_config->get_defaultrootobject( ) io_origins = lo_old_config->get_origins( ) io_origingroups = lo_old_config->get_origingroups( ) io_defaultcachebehavior = lo_old_config->get_defaultcachebehavior( ) io_cachebehaviors = lo_old_config->get_cachebehaviors( ) io_customerrorresponses = lo_old_config->get_customerrorresponses( ) iv_comment = iv_comment io_logging = lo_old_config->get_logging( ) iv_priceclass = lo_old_config->get_priceclass( ) iv_enabled = lo_old_config->get_enabled( ) io_viewercertificate = lo_old_config->get_viewercertificate( ) io_restrictions = lo_old_config->get_restrictions( ) iv_webaclid = lo_old_config->get_webaclid( ) iv_httpversion = lo_old_config->get_httpversion( ) iv_isipv6enabled = lo_old_config->get_isipv6enabled( ) ). " Update the distribution with the modified configuration " lo_fnt->updatedistribution( io_distributionconfig = lo_new_config iv_id = iv_distribution_id iv_ifmatch = lv_etag ). MESSAGE 'CloudFront distribution updated successfully.' TYPE 'I'. CATCH /aws1/cx_fntnosuchdistribution. MESSAGE 'Distribution does not exist.' TYPE 'E'. CATCH /aws1/cx_fntpreconditionfailed. MESSAGE 'Precondition failed - ETag mismatch.' TYPE 'E'. CATCH /aws1/cx_fntinvalidifmatchvrs. MESSAGE 'Invalid If-Match version.' TYPE 'E'. ENDTRY. ``` + 有关 API 的详细信息，请参阅适用[UpdateDistribution](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。 ------ # CloudFront 使用场景 AWS SDKs 以下代码示例向您展示了如何在中 CloudFront实现常见场景 AWS SDKs。这些场景向您展示了如何通过在其中调用多个函数 CloudFront 或与其他函数组合来完成特定任务 AWS 服务。每个场景都包含完整源代码的链接，您可以在其中找到有关如何设置和运行代码的说明。场景以中等水平的经验为目标，可帮助您结合具体环境了解服务操作。 **Topics** + [创建多租户分配和分配租户](cloudfront_example_cloudfront_CreateSaasResources_section.md) + [删除签名资源](cloudfront_example_cloudfront_DeleteSigningResources_section.md) + [开始使用 CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) + [签名 URLs 和饼干](cloudfront_example_cloudfront_CloudFrontUtilities_section.md) # 创建 SaaS 经理资源 AWS SDK 以下代码示例演示了如何使用各种配置创建多租户分配和分配租户。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。以下示例演示了如何使用参数和通配符证书创建多租户分配。 ``` import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.ConnectionMode; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.HttpVersion; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateMultiTenantDistribution { public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String certificateArn) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .viewerCertificate(certBuilder -> certBuilder .acmCertificateArn(certificateArn) .sslSupportMethod(SSLSupportMethod.SNI_ONLY)) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } } ``` 以下示例演示了如何创建与该模板关联的分配租户，包括利用我们在上面声明的参数。请注意，我们不需要在此处添加证书信息，因为父模板涵盖了我们的域。 ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("no-cert-tenant") ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } } ``` 如果父模板中省略了查看器证书，则需要改为添加与之关联的租户的证书信息。以下示例演示了如何通过涵盖租户所需域的 ACM 证书 arn 来执行此操作。 ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId, String certificateArn) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .enabled(false) .name("tenant-with-cert") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .customizations(b3 -> b3 .certificate(b4 -> b4 .arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } } ``` 以下示例演示如何使用托管的 CloudFront托管证书请求执行此操作。如果还没有流量流向您的域，则这是理想之选。在本例中，我们创建 a ConnectionGroup 来生成 RoutingEndpoint。然后我们用它 RoutingEndpoint 来创建 DNS 记录，用于验证域名所有权并指向 CloudFront。 CloudFront 然后将自动提供令牌来验证域名所有权并创建托管证书。 ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) throws InterruptedException { CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder .ipv6Enabled(true) .name("cf-hosted-connection-group") .enabled(true)); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("cf-hosted domain validation record") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type(RRType.CNAME) .ttl(300L) .resourceRecords(b4 -> b4 .value(createConnectionGroupResponse.connectionGroup().routingEndpoint()))) .action("CREATE")) )); // Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail Thread.sleep(60000); CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .connectionGroupId(createConnectionGroupResponse.connectionGroup().id()) .enabled(false) .name("cf-hosted-tenant") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.CLOUDFRONT) ) ); return createResponse.distributionTenant(); } } ``` 以下示例演示了如何使用自托管的托管式证书请求来执行此操作。如果您有流量流向您的域，并且无法容忍在迁移期间出现停机，则这是理想之选。在本示例的最后，将在等待域验证和 DNS 设置的状态下创建租户。准备好迁移流量时，请按照 [此处]（https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certifront-certificates.html\$1complete-domain-ownership）完成设置。 ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient, String distributionId, String domain) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("self-hosted-tenant") .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.SELF_HOSTED) .primaryDomainName(domain) ) ); return createResponse.distributionTenant(); } } ``` + 有关 API 详细信息，请参阅《AWS SDK for Java 2.x API Reference》**中的以下主题。 + [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution) + [CreateDistributionTenant](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistributionTenant) ------ # 使用 AWS SDK 删除 CloudFront 签名资源以下代码示例演示了如何删除用于访问 Amazon Simple Storage Service (Amazon S3) 桶中的受限内容的资源。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples) 中查找完整示例，了解如何进行设置和运行。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse; import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse; public class DeleteSigningResources { private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class); public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient, final String originAccessControlId) { GetOriginAccessControlResponse getResponse = cloudFrontClient .getOriginAccessControl(b -> b.id(originAccessControlId)); DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder .id(originAccessControlId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId); } } public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) { GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId)); DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder .id(keyGroupId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Key Group [{}]", keyGroupId); } } public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) { GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId)); DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder .id(publicKeyId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Public Key [{}]", publicKeyId); } } } ``` + 有关 API 详细信息，请参阅《AWS SDK for Java 2.x API Reference》**中的以下主题。 + [DeleteKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteKeyGroup) + [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteOriginAccessControl) + [DeletePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeletePublicKey) ------ # 使用 CLI 开始基本 CloudFront 发行版以下代码示例展示了如何： + 创建 Amazon S3 存储桶来存储内容 + 将示例内容上传到 S3 存储桶 + 创建来源访问控制（OAC）来实现安全的 S3 访问 + 创建以 S3 为起点的 CloudFront 分配 + 更新 S3 存储桶策略以允许 CloudFront 访问 + 等待分配部署并测试内容访问权限 + 清理资源，包括分配、OAC 和 S3 存储桶 ------ #### [ Bash ] **AWS CLI 使用 Bash 脚本** 还有更多相关信息 GitHub。在 [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/005-cloudfront-gettingstarted) 存储库中查找完整示例，了解如何进行设置和运行。 ``` #!/bin/bash # CloudFront Getting Started Tutorial Script # This script creates an S3 bucket, uploads sample content, creates a CloudFront distribution with OAC, # and demonstrates how to access content through CloudFront. # Set up logging LOG_FILE="cloudfront-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting CloudFront Getting Started Tutorial at $(date)" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created before error:" if [ -n "$BUCKET_NAME" ]; then echo "- S3 Bucket: $BUCKET_NAME" fi if [ -n "$OAC_ID" ]; then echo "- CloudFront Origin Access Control: $OAC_ID" fi if [ -n "$DISTRIBUTION_ID" ]; then echo "- CloudFront Distribution: $DISTRIBUTION_ID" fi echo "Attempting to clean up resources..." cleanup exit 1 } # Function to clean up resources cleanup() { echo "Cleaning up resources..." if [ -n "$DISTRIBUTION_ID" ]; then echo "Disabling CloudFront distribution $DISTRIBUTION_ID..." # Get the current configuration and ETag ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) if [ $? -ne 0 ]; then echo "Failed to get distribution config. Continuing with cleanup..." else # Create a modified configuration with Enabled=false aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" | \ jq '.DistributionConfig.Enabled = false' > temp_disabled_config.json # Update the distribution to disable it aws cloudfront update-distribution \ --id "$DISTRIBUTION_ID" \ --distribution-config file://<(jq '.DistributionConfig' temp_disabled_config.json) \ --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to disable distribution. Continuing with cleanup..." else echo "Waiting for distribution to be disabled (this may take several minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" # Delete the distribution ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) aws cloudfront delete-distribution --id "$DISTRIBUTION_ID" --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to delete distribution. You may need to delete it manually." else echo "CloudFront distribution deleted." fi fi fi fi if [ -n "$OAC_ID" ]; then echo "Deleting Origin Access Control $OAC_ID..." OAC_ETAG=$(aws cloudfront get-origin-access-control --id "$OAC_ID" --query 'ETag' --output text 2>/dev/null) if [ $? -ne 0 ]; then echo "Failed to get Origin Access Control ETag. You may need to delete it manually." else aws cloudfront delete-origin-access-control --id "$OAC_ID" --if-match "$OAC_ETAG" if [ $? -ne 0 ]; then echo "Failed to delete Origin Access Control. You may need to delete it manually." else echo "Origin Access Control deleted." fi fi fi if [ -n "$BUCKET_NAME" ]; then echo "Deleting S3 bucket $BUCKET_NAME and its contents..." aws s3 rm "s3://$BUCKET_NAME" --recursive if [ $? -ne 0 ]; then echo "Failed to remove bucket contents. Continuing with bucket deletion..." fi aws s3 rb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then echo "Failed to delete bucket. You may need to delete it manually." else echo "S3 bucket deleted." fi fi # Clean up temporary files rm -f temp_disabled_config.json rm -rf temp_content } # Generate a random identifier for the bucket name RANDOM_ID=$(openssl rand -hex 6) BUCKET_NAME="cloudfront-${RANDOM_ID}" echo "Using bucket name: $BUCKET_NAME" # Create a temporary directory for content TEMP_DIR="temp_content" mkdir -p "$TEMP_DIR/css" if [ $? -ne 0 ]; then handle_error "Failed to create temporary directory" fi # Step 1: Create an S3 bucket echo "Creating S3 bucket: $BUCKET_NAME" aws s3 mb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then handle_error "Failed to create S3 bucket" fi # Step 2: Create sample content echo "Creating sample content..." cat > "$TEMP_DIR/index.html" << 'EOF' Hello World

Hello world!

EOF cat > "$TEMP_DIR/css/styles.css" << 'EOF' body { font-family: Arial, sans-serif; margin: 40px; background-color: #f5f5f5; } h1 { color: #333; text-align: center; } EOF # Step 3: Upload content to the S3 bucket echo "Uploading content to S3 bucket..." aws s3 cp "$TEMP_DIR/" "s3://$BUCKET_NAME/" --recursive if [ $? -ne 0 ]; then handle_error "Failed to upload content to S3 bucket" fi # Step 4: Create Origin Access Control echo "Creating Origin Access Control..." OAC_RESPONSE=$(aws cloudfront create-origin-access-control \ --origin-access-control-config Name="oac-for-$BUCKET_NAME",SigningProtocol=sigv4,SigningBehavior=always,OriginAccessControlOriginType=s3) if [ $? -ne 0 ]; then handle_error "Failed to create Origin Access Control" fi OAC_ID=$(echo "$OAC_RESPONSE" | jq -r '.OriginAccessControl.Id') echo "Created Origin Access Control with ID: $OAC_ID" # Step 5: Create CloudFront distribution echo "Creating CloudFront distribution..." # Get AWS account ID for bucket policy ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text) if [ $? -ne 0 ]; then handle_error "Failed to get AWS account ID" fi # Create distribution configuration cat > distribution-config.json << EOF { "CallerReference": "cli-tutorial-$(date +%s)", "Origins": { "Quantity": 1, "Items": [ { "Id": "S3-$BUCKET_NAME", "DomainName": "$BUCKET_NAME.s3.amazonaws.com", "S3OriginConfig": { "OriginAccessIdentity": "" }, "OriginAccessControlId": "$OAC_ID" } ] }, "DefaultCacheBehavior": { "TargetOriginId": "S3-$BUCKET_NAME", "ViewerProtocolPolicy": "redirect-to-https", "AllowedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"], "CachedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"] } }, "DefaultTTL": 86400, "MinTTL": 0, "MaxTTL": 31536000, "Compress": true, "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } } }, "Comment": "CloudFront distribution for tutorial", "Enabled": true, "WebACLId": "" } EOF DIST_RESPONSE=$(aws cloudfront create-distribution --distribution-config file://distribution-config.json) if [ $? -ne 0 ]; then handle_error "Failed to create CloudFront distribution" fi DISTRIBUTION_ID=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.Id') DOMAIN_NAME=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.DomainName') echo "Created CloudFront distribution with ID: $DISTRIBUTION_ID" echo "CloudFront domain name: $DOMAIN_NAME" # Step 6: Update S3 bucket policy echo "Updating S3 bucket policy..." cat > bucket-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::$BUCKET_NAME/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::$ACCOUNT_ID:distribution/$DISTRIBUTION_ID" } } } ] } EOF aws s3api put-bucket-policy --bucket "$BUCKET_NAME" --policy file://bucket-policy.json if [ $? -ne 0 ]; then handle_error "Failed to update S3 bucket policy" fi # Step 7: Wait for distribution to deploy echo "Waiting for CloudFront distribution to deploy (this may take 5-10 minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" if [ $? -ne 0 ]; then echo "Warning: Distribution deployment wait timed out. The distribution may still be deploying." else echo "CloudFront distribution is now deployed." fi # Step 8: Display access information echo "" echo "===== CloudFront Distribution Setup Complete =====" echo "You can access your content at: https://$DOMAIN_NAME/index.html" echo "" echo "Resources created:" echo "- S3 Bucket: $BUCKET_NAME" echo "- CloudFront Origin Access Control: $OAC_ID" echo "- CloudFront Distribution: $DISTRIBUTION_ID" echo "" # Ask user if they want to clean up resources read -p "Do you want to clean up all resources created by this script? (y/n): " CLEANUP_RESPONSE if [[ "$CLEANUP_RESPONSE" =~ ^[Yy] ]]; then cleanup echo "All resources have been cleaned up." else echo "Resources will not be cleaned up. You can manually delete them later." echo "To access your content, visit: https://$DOMAIN_NAME/index.html" fi echo "Tutorial completed at $(date)" ``` + 有关 API 详细信息，请参阅《AWS CLI 命令参考》**中的以下主题。 + [CreateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateDistribution) + [CreateOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateOriginAccessControl) + [DeleteDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteDistribution) + [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteOriginAccessControl) + [GetDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistribution) + [GetDistributionConfig](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistributionConfig) + [GetOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetOriginAccessControl) + [UpdateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/UpdateDistribution) + [WaitDistributionDeployed](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/WaitDistributionDeployed) ------ # 使用 AWS 软件开发工具包创建签名 URLs 和 Cookie 以下代码示例显示了如何创建允许访问受限资源的签名 URLs 和 Cookie。 ------ #### [ Java ] **适用于 Java 的 SDK 2.x** 还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中查找完整示例，了解如何进行设置和运行。使用[CannedSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CannedSignerRequest.html)课堂签名 URLs 或使用*罐装*政策制作饼干。 ``` import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCannedPolicyRequest { public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CannedSignerRequest.builder() .resourceUrl(cloudFrontUrl) .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expirationDate) .build(); } } ``` 使用[CustomSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CustomSignerRequest.html)课堂签名 URLs 或使用*自定义*策略进行 Cookie。`activeDate` 和 `ipRange` 是可选方法。 ``` import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCustomPolicyRequest { public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS); // URL will be accessible tomorrow using the signed URL. Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CustomSignerRequest.builder() .resourceUrl(cloudFrontUrl) // .resourceUrlPattern("https://*.example.com/*") // Optional. .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expireDate) .activeDate(activeDate) // Optional. // .ipRange("192.168.0.1/24") // Optional. .build(); } } ``` 以下示例演示如何使用该[CloudFrontUtilities](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.html)类生成签名 Cookie 和 URLs。在上@@ [查看](https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/SigningUtilities.java)此代码示例 GitHub。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy; import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import software.amazon.awssdk.services.cloudfront.url.SignedUrl; public class SigningUtilities { private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class); private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create(); public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) { CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities .getCookiesForCannedPolicy(cannedSignerRequest); logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue()); return cookiesForCannedPolicy; } public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) { CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities .getCookiesForCustomPolicy(customSignerRequest); logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue()); return cookiesForCustomPolicy; } } ``` + 有关 API 的详细信息，请参阅 *AWS SDK for Java 2.x API 参考[CloudFrontUtilities](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CloudFrontUtilities)*中的。 ------ # CloudFront 的函数示例 CloudFront 以下代码示例说明了如何 CloudFront 与一起使用 AWS SDKs。 **Topics** + [添加 HTTP 安全标头](cloudfront_example_cloudfront_functions_add_security_headers_section.md) + [添加 CORS 标头](cloudfront_example_cloudfront_functions_add_cors_header_section.md) + [添加缓存控制标头](cloudfront_example_cloudfront_functions_add_cache_control_header_section.md) + [添加真实客户端 IP 标头](cloudfront_example_cloudfront_functions_add_true_client_ip_header_section.md) + [添加源标头](cloudfront_example_cloudfront_functions_add_origin_header_section.md) + [将 index.html 添加到请求中 URLs](cloudfront_example_cloudfront_functions_url_rewrite_single_page_apps_section.md) + [标准化查询字符串参数](cloudfront_example_cloudfront_functions_normalize_query_string_parameters_section.md) + [重定向到新 URL](cloudfront_example_cloudfront_functions_redirect_based_on_country_section.md) + [重写请求 URI](cloudfront_example_cloudfront_functions_kvs_conditional_read_section.md) + [选择离查看器更近的来源](cloudfront_example_cloudfront_functions_select_origin_based_on_country_section.md) + [使用键值对](cloudfront_example_cloudfront_functions_kvs_key_value_pairs_section.md) + [验证简单令牌](cloudfront_example_cloudfront_functions_kvs_jwt_verify_section.md) # 将 HTTP 安全标头添加到 CloudFront 函数查看器响应事件以下代码示例说明如何向 CloudFront 函数查看器响应事件添加 HTTP 安全标头。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/add-security-headers)并学习如何设置和运行。CloudFront ``` async function handler(event) { var response = event.response; var headers = response.headers; // Set HTTP security headers // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; headers['referrer-policy'] = {value: 'same-origin'}; // Return the response to viewers return response; } ``` ------ # 向 CloudFront 函数查看器响应事件添加 CORS 标头以下代码示例说明如何向 CloudFront 函数查看器响应事件添加 CORS 标头。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/add-cors-header)并学习如何设置和运行。CloudFront ``` async function handler(event) { var request = event.request; var response = event.response; // If Access-Control-Allow-Origin CORS header is missing, add it. // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation. if (!response.headers['access-control-allow-origin'] && request.headers['origin']) { response.headers['access-control-allow-origin'] = {value: request.headers['origin'].value}; console.log("Access-Control-Allow-Origin was missing, adding it now."); } return response; } ``` ------ # 向 CloudFront 函数查看器响应事件添加缓存控制标头以下代码示例说明如何向 CloudFront 函数查看器响应事件添加缓存控制标头。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/add-cache-control-header)并学习如何设置和运行。CloudFront ``` async function handler(event) { var response = event.response; var headers = response.headers; if (response.statusCode >= 200 && response.statusCode < 400) { // Set the cache-control header headers['cache-control'] = {value: 'public, max-age=63072000'}; } // Return response to viewers return response; } ``` ------ # 向 CloudFront 函数查看器请求事件添加真正的客户端 IP 标头以下代码示例说明如何向 CloudFront 函数查看器请求事件添加真正的客户端 IP 标头。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/add-true-client-ip-header)并学习如何设置和运行。CloudFront ``` async function handler(event) { var request = event.request; var clientIP = event.viewer.ip; //Add the true-client-ip header to the incoming request request.headers['true-client-ip'] = {value: clientIP}; return request; } ``` ------ # 将 Origin 标头添加到 CloudFront 函数查看器请求事件以下代码示例演示如何向 CloudFront 函数查看器请求事件添加源标头。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/add-origin-header)并学习如何设置和运行。CloudFront ``` async function handler(event) { var request = event.request; var headers = request.headers; var host = request.headers.host.value; // If origin header is missing, set it equal to the host header. if (!headers.origin) headers.origin = {value:`https://${host}`}; return request; } ``` ------ # 在 CloudFront 函数查看器请求事件中将 index.html 添加到 URLs 不带文件名的请求以下代码示例展示了如何在 CloudFront 函数查看器请求事件中将 index.html 添加到 URLs 没有文件名的请求中。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/url-rewrite-single-page-apps)并学习如何设置和运行。CloudFront ``` async function handler(event) { var request = event.request; var uri = request.uri; // Check whether the URI is missing a file name. if (uri.endsWith('/')) { request.uri += 'index.html'; } // Check whether the URI is missing a file extension. else if (!uri.includes('.')) { request.uri += '/index.html'; } return request; } ``` ------ # 规范化 CloudFront 函数查看器请求中的查询字符串参数以下代码示例显示了如何在 CloudFront 函数查看器请求中规范化查询字符串参数。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/normalize-query-string-parameters)并学习如何设置和运行。CloudFront ``` function handler(event) { var qs=[]; for (var key in event.request.querystring) { if (event.request.querystring[key].multiValue) { event.request.querystring[key].multiValue.forEach((mv) => {qs.push(key + "=" + mv.value)}); } else { qs.push(key + "=" + event.request.querystring[key].value); } }; event.request.querystring = qs.sort().join('&'); return event.request; } ``` ------ # 在 CloudFront 函数查看器请求事件中重定向到新 URL 以下代码示例显示了如何在 CloudFront 函数查看器请求事件中重定向到新 URL。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/redirect-based-on-country)并学习如何设置和运行。CloudFront ``` async function handler(event) { var request = event.request; var headers = request.headers; var host = request.headers.host.value; var country = 'DE' // Choose a country code var newurl = `https://${host}/de/index.html`; // Change the redirect URL to your choice if (headers['cloudfront-viewer-country']) { var countryCode = headers['cloudfront-viewer-country'].value; if (countryCode === country) { var response = { statusCode: 302, statusDescription: 'Found', headers: { "location": { "value": newurl } } } return response; } } return request; } ``` ------ # 根据 CloudFront 函数查看器请求事件的 KeyValueStore 配置重写请求 URI 以下代码示例显示如何根据 CloudFront 函数查看器请求事件的 KeyValueStore 配置重写请求 URI。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/kvs-conditional-read)并学习如何设置和运行。CloudFront ``` import cf from 'cloudfront'; // (Optional) Replace KVS_ID with actual KVS ID const kvsId = "KVS_ID"; // enable stickiness by setting a cookie from origin or using another edge function const stickinessCookieName = "appversion"; // set to true to enable console logging const loggingEnabled = false; // function rewrites the request uri based on configuration in KVS // example config in KVS in key:value format // "latest": {"a_weightage": .8, "a_url": "v1", "b_url": "v2"} // given above key and value in KVS the request uri will be rewritten // for example http(s)://domain/latest/something/else will be rewritten as http(s)://domain/v1/something/else or http(s)://domain/v2/something/else depending on weightage // if no configuration is found, then the request is returned as is async function handler(event) { // NOTE: This example function is for a viewer request event trigger. // Choose viewer request for event trigger when you associate this function with a distribution. const request = event.request; const pathSegments = request.uri.split('/'); const key = pathSegments[1]; // if empty path segment or if there is valid stickiness cookie // then skip call to KVS and let the request continue. if (!key || hasValidSticknessCookie(request.cookies[stickinessCookieName], key)) { return event.request; } try { // get the prefix replacement from KVS const replacement = await getPathPrefixByWeightage(key); if (!replacement) { return event.request; } //Replace the first path with the replacement pathSegments[1] = replacement; log(`using prefix ${pathSegments[1]}`) const newUri = pathSegments.join('/'); log(`${request.uri} -> ${newUri}`); request.uri = newUri; return request; } catch (err) { // No change to the path if the key is not found or any other error log(`request uri: ${request.uri}, error: ${err}`); } // no change to path - return request return event.request; } // function to get the prefix from KVS async function getPathPrefixByWeightage(key) { const kvsHandle = cf.kvs(kvsId); // get the weightage config from KVS const kvsResponse = await kvsHandle.get(key); const weightageConfig = JSON.parse(kvsResponse); // no configuration - return null if (!weightageConfig || !isFinite(weightageConfig.a_weightage)) { return null; } // return the url based on weightage // return null if no url is configured if (Math.random() <= weightageConfig.a_weightage) { return weightageConfig.a_url ? weightageConfig.a_url: null; } else { return weightageConfig.b_url ? weightageConfig.b_url : null; } } // function to check if the stickiness cookie is valid function hasValidSticknessCookie(stickinessCookie, pathSegment) { // if the value exists and it matches pathSegment return (stickinessCookie && stickinessCookie.value === pathSegment) } function log(message) { if (loggingEnabled) { console.log(message); } } ``` ------ # 在 Functions 查看器请求事件中将请求路由到离查看器更近的源 CloudFront 以下代码示例演示如何在 F CloudFront unctions 查看器请求事件中将请求路由到离查看器更近的源。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/select-origin-based-on-country)并学习如何设置和运行。CloudFront ``` import cf from 'cloudfront'; function handler(event) { const request = event.request; const headers = request.headers; const country = headers['cloudfront-viewer-country'] && headers['cloudfront-viewer-country'].value; //List of Regions with S3 buckets containing content const countryToRegion = { 'DE': 'eu-central-1', 'IE': 'eu-west-1', 'GB': 'eu-west-2', 'FR': 'eu-west-3', 'JP': 'ap-northeast-1', 'IN': 'ap-south-1' }; const DEFAULT_REGION = 'us-east-1'; const selectedRegion = (country && countryToRegion[country]) || DEFAULT_REGION; const domainName = `cloudfront-functions-demo-bucket-in-${selectedRegion}.s3.${selectedRegion}.amazonaws.com`; cf.updateRequestOrigin({ "domainName": domainName, "originAccessControlConfig": { "enabled": true, "region": selectedRegion, "signingBehavior": "always", "signingProtocol": "sigv4", "originType": "s3" }, }); return request; } ``` ------ # 在 CloudFront 函数查看器请求中使用键值对以下代码示例显示了如何在 CloudFront 函数查看器请求中使用键值对。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/kvs-key-value-pairs)并学习如何设置和运行。CloudFront ``` import cf from 'cloudfront'; // This fails if there is no key value store associated with the function const kvsHandle = cf.kvs(); // Remember to associate the KVS with your function before referencing KVS in your code. // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/kvs-with-functions-associate.html async function handler(event) { const request = event.request; // Use the first segment of the pathname as key // For example http(s)://domain//something/else const pathSegments = request.uri.split('/') const key = pathSegments[1] try { // Replace the first path of the pathname with the value of the key // For example http(s)://domain//something/else pathSegments[1] = await kvsHandle.get(key); const newUri = pathSegments.join('/'); console.log(`${request.uri} -> ${newUri}`) request.uri = newUri; } catch (err) { // No change to the pathname if the key is not found console.log(`${request.uri} | ${err}`); } return request; } ``` ------ # 在 CloudFront 函数查看器请求中验证一个简单的标记以下代码示例显示了如何在 F CloudFront unctions 查看器请求中验证简单标记。 ------ #### [ JavaScript ] **JavaScript CloudFront 函数的运行时 2.0** 还有更多相关信息 GitHub。在 Functions 示例存储库中查找完整的[示例](https://github.com/aws-samples/amazon-cloudfront-functions/tree/main/kvs-jwt-verify)并学习如何设置和运行。CloudFront ``` import crypto from 'crypto'; import cf from 'cloudfront'; //Response when JWT is not valid. const response401 = { statusCode: 401, statusDescription: 'Unauthorized' }; // Remember to associate the KVS with your function before calling the const kvsKey = 'jwt.secret'. // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/kvs-with-functions-associate.html const kvsKey = 'jwt.secret'; // set to true to enable console logging const loggingEnabled = false; function jwt_decode(token, key, noVerify, algorithm) { // check token if (!token) { throw new Error('No token supplied'); } // check segments const segments = token.split('.'); if (segments.length !== 3) { throw new Error('Not enough or too many segments'); } // All segment should be base64 const headerSeg = segments[0]; const payloadSeg = segments[1]; const signatureSeg = segments[2]; // base64 decode and parse JSON const payload = JSON.parse(_base64urlDecode(payloadSeg)); if (!noVerify) { const signingMethod = 'sha256'; const signingType = 'hmac'; // Verify signature. `sign` will return base64 string. const signingInput = [headerSeg, payloadSeg].join('.'); if (!_verify(signingInput, key, signingMethod, signingType, signatureSeg)) { throw new Error('Signature verification failed'); } // Support for nbf and exp claims. // According to the RFC, they should be in seconds. if (payload.nbf && Date.now() < payload.nbf*1000) { throw new Error('Token not yet active'); } if (payload.exp && Date.now() > payload.exp*1000) { throw new Error('Token expired'); } } return payload; } //Function to ensure a constant time comparison to prevent //timing side channels. function _constantTimeEquals(a, b) { if (a.length != b.length) { return false; } let xor = 0; for (let i = 0; i < a.length; i++) { xor |= (a.charCodeAt(i) ^ b.charCodeAt(i)); } return 0 === xor; } function _verify(input, key, method, type, signature) { if(type === "hmac") { return _constantTimeEquals(signature, _sign(input, key, method)); } else { throw new Error('Algorithm type not recognized'); } } function _sign(input, key, method) { return crypto.createHmac(method, key).update(input).digest('base64url'); } function _base64urlDecode(str) { return Buffer.from(str, 'base64url') } async function handler(event) { let request = event.request; //Secret key used to verify JWT token. //Update with your own key. const secret_key = await getSecret() if(!secret_key) { return response401; } // If no JWT token, then generate HTTP redirect 401 response. if(!request.querystring.jwt) { log("Error: No JWT in the querystring"); return response401; } const jwtToken = request.querystring.jwt.value; try{ jwt_decode(jwtToken, secret_key); } catch(e) { log(e); return response401; } //Remove the JWT from the query string if valid and return. delete request.querystring.jwt; log("Valid JWT token"); return request; } // get secret from key value store async function getSecret() { // initialize cloudfront kv store and get the key value try { const kvsHandle = cf.kvs(); return await kvsHandle.get(kvsKey); } catch (err) { log(`Error reading value for key: ${kvsKey}, error: ${err}`); return null; } } function log(message) { if (loggingEnabled) { console.log(message); } } ``` ------