文件 AWS 開發套件範例 GitHub 儲存庫中有更多可用的 [AWS SDK 範例](https://github.com/awsdocs/aws-doc-sdk-examples)。
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用適用於 Java 2.x 的 SDK 的 CloudFront 範例
下列程式碼範例示範如何使用 AWS SDK for Java 2.x 搭配 CloudFront 來執行動作和實作常見案例。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
*案例*是向您展示如何呼叫服務中的多個函數或與其他 AWS 服務組合來完成特定任務的程式碼範例。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [動作](#actions)
+ [案例](#scenarios)
## 動作
### `CreateDistribution`
以下程式碼範例顯示如何使用 `CreateDistribution`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
以下範例使用 Amazon Simple Storage Service (Amazon S3) 儲存貯體做為內容來源。
建立分佈之後,程式碼會建立 [CloudFrontWaiter](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/waiters/CloudFrontWaiter.html) 以等待部署分佈,然後再傳回分佈。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.ItemSelection;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateDistribution {
private static final Logger logger = LoggerFactory.getLogger(CreateDistribution.class);
public static Distribution createDistribution(CloudFrontClient cloudFrontClient, S3Client s3Client,
final String bucketName, final String keyGroupId, final String originAccessControlId) {
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
// The service API requires some deprecated methods, such as
// DefaultCacheBehavior.Builder#minTTL and #forwardedValue.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))
.originAccessControlId(
originAccessControlId)))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.minTTL(200L)
.forwardedValues(b5 -> b5
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)
.cachedMethods(b5 -> b5
.quantity(2)
.items(Method.HEAD,
Method.GET))))
.cacheBehaviors(b -> b
.quantity(1)
.items(b2 -> b2
.pathPattern("/index.html")
.viewerProtocolPolicy(
ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.minTTL(200L)
.forwardedValues(b4 -> b4
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.allowedMethods(b5 -> b5.quantity(2)
.items(Method.HEAD,
Method.GET)
.cachedMethods(b6 -> b6
.quantity(2)
.items(Method.HEAD,
Method.GET)))))
.enabled(true)
.comment("Distribution built with java")
.callerReference(Instant.now().toString())));
final Distribution distribution = createDistResponse.distribution();
logger.info("Distribution created. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
logger.info("Waiting for distribution to be deployed ...");
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
logger.info("Distribution deployed. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
}
return distribution;
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)。
### `CreateFunction`
以下程式碼範例顯示如何使用 `CreateFunction`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
```
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionRequest;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionResponse;
import software.amazon.awssdk.services.cloudfront.model.FunctionConfig;
import software.amazon.awssdk.services.cloudfront.model.FunctionRuntime;
import java.io.InputStream;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateFunction {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
functionName - The name of the function to create.\s
filePath - The path to a file that contains the application logic for the function.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String functionName = args[0];
String filePath = args[1];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
String funArn = createNewFunction(cloudFrontClient, functionName, filePath);
System.out.println("The function ARN is " + funArn);
cloudFrontClient.close();
}
public static String createNewFunction(CloudFrontClient cloudFrontClient, String functionName, String filePath) {
try {
InputStream fileIs = CreateFunction.class.getClassLoader().getResourceAsStream(filePath);
SdkBytes functionCode = SdkBytes.fromInputStream(fileIs);
FunctionConfig config = FunctionConfig.builder()
.comment("Created by using the CloudFront Java API")
.runtime(FunctionRuntime.CLOUDFRONT_JS_1_0)
.build();
CreateFunctionRequest functionRequest = CreateFunctionRequest.builder()
.name(functionName)
.functionCode(functionCode)
.functionConfig(config)
.build();
CreateFunctionResponse response = cloudFrontClient.createFunction(functionRequest);
return response.functionSummary().functionMetadata().functionARN();
} catch (CloudFrontException e) {
System.err.println(e.getMessage());
System.exit(1);
}
return "";
}
}
```
+ 如需 API 詳細資訊,請參閱《*AWS SDK for Java 2.x API 參考*》中的「[CreateFunction](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateFunction)」。
### `CreateKeyGroup`
以下程式碼範例顯示如何使用 `CreateKeyGroup`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
金鑰群組需要至少一個用於驗證已簽署 URL 或 Cookie 的公有金鑰。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import java.util.UUID;
public class CreateKeyGroup {
private static final Logger logger = LoggerFactory.getLogger(CreateKeyGroup.class);
public static String createKeyGroup(CloudFrontClient cloudFrontClient, String publicKeyId) {
String keyGroupId = cloudFrontClient.createKeyGroup(b -> b.keyGroupConfig(c -> c
.items(publicKeyId)
.name("JavaKeyGroup" + UUID.randomUUID())))
.keyGroup().id();
logger.info("KeyGroup created with ID: [{}]", keyGroupId);
return keyGroupId;
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [CreateKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateKeyGroup)。
### `CreatePublicKey`
以下程式碼範例顯示如何使用 `CreatePublicKey`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
下列程式碼範例讀取公有金鑰,並將其上傳至 Amazon CloudFront。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreatePublicKeyResponse;
import software.amazon.awssdk.utils.IoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.UUID;
public class CreatePublicKey {
private static final Logger logger = LoggerFactory.getLogger(CreatePublicKey.class);
public static String createPublicKey(CloudFrontClient cloudFrontClient, String publicKeyFileName) {
try (InputStream is = CreatePublicKey.class.getClassLoader().getResourceAsStream(publicKeyFileName)) {
String publicKeyString = IoUtils.toUtf8String(is);
CreatePublicKeyResponse createPublicKeyResponse = cloudFrontClient
.createPublicKey(b -> b.publicKeyConfig(c -> c
.name("JavaCreatedPublicKey" + UUID.randomUUID())
.encodedKey(publicKeyString)
.callerReference(UUID.randomUUID().toString())));
String createdPublicKeyId = createPublicKeyResponse.publicKey().id();
logger.info("Public key created with id: [{}]", createdPublicKeyId);
return createdPublicKeyId;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [CreatePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreatePublicKey)。
### `DeleteDistribution`
以下程式碼範例顯示如何使用 `DeleteDistribution`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
下列程式碼範例將分佈更新為*已停用*、使用等待部署變更的等待程式,然後刪除分佈。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
public class DeleteDistribution {
private static final Logger logger = LoggerFactory.getLogger(DeleteDistribution.class);
public static void deleteDistribution(final CloudFrontClient cloudFrontClient, final String distributionId) {
// First, disable the distribution by updating it.
GetDistributionResponse response = cloudFrontClient.getDistribution(b -> b
.id(distributionId));
String etag = response.eTag();
DistributionConfig distConfig = response.distribution().distributionConfig();
cloudFrontClient.updateDistribution(builder -> builder
.id(distributionId)
.distributionConfig(builder1 -> builder1
.cacheBehaviors(distConfig.cacheBehaviors())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.enabled(false)
.origins(distConfig.origins())
.comment(distConfig.comment())
.callerReference(distConfig.callerReference())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.priceClass(distConfig.priceClass())
.aliases(distConfig.aliases())
.logging(distConfig.logging())
.defaultRootObject(distConfig.defaultRootObject())
.customErrorResponses(distConfig.customErrorResponses())
.httpVersion(distConfig.httpVersion())
.isIPV6Enabled(distConfig.isIPV6Enabled())
.restrictions(distConfig.restrictions())
.viewerCertificate(distConfig.viewerCertificate())
.webACLId(distConfig.webACLId())
.originGroups(distConfig.originGroups()))
.ifMatch(etag));
logger.info("Distribution [{}] is DISABLED, waiting for deployment before deleting ...",
distributionId);
GetDistributionResponse distributionResponse;
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distributionId)).matched();
distributionResponse = responseOrException.response()
.orElseThrow(() -> new RuntimeException("Could not disable distribution"));
}
DeleteDistributionResponse deleteDistributionResponse = cloudFrontClient
.deleteDistribution(builder -> builder
.id(distributionId)
.ifMatch(distributionResponse.eTag()));
if (deleteDistributionResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Distribution [{}] DELETED", distributionId);
}
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [DeleteDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteDistribution)。
### `UpdateDistribution`
以下程式碼範例顯示如何使用 `UpdateDistribution`。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ModifyDistribution {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
id - the id value of the distribution.\s
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String id = args[0];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
modDistribution(cloudFrontClient, id);
cloudFrontClient.close();
}
public static void modDistribution(CloudFrontClient cloudFrontClient, String idVal) {
try {
// Get the Distribution to modify.
GetDistributionRequest disRequest = GetDistributionRequest.builder()
.id(idVal)
.build();
GetDistributionResponse response = cloudFrontClient.getDistribution(disRequest);
Distribution disObject = response.distribution();
DistributionConfig config = disObject.distributionConfig();
// Create a new DistributionConfig object and add new values to comment and
// aliases
DistributionConfig config1 = DistributionConfig.builder()
.aliases(config.aliases()) // You can pass in new values here
.comment("New Comment")
.cacheBehaviors(config.cacheBehaviors())
.priceClass(config.priceClass())
.defaultCacheBehavior(config.defaultCacheBehavior())
.enabled(config.enabled())
.callerReference(config.callerReference())
.logging(config.logging())
.originGroups(config.originGroups())
.origins(config.origins())
.restrictions(config.restrictions())
.defaultRootObject(config.defaultRootObject())
.webACLId(config.webACLId())
.httpVersion(config.httpVersion())
.viewerCertificate(config.viewerCertificate())
.customErrorResponses(config.customErrorResponses())
.build();
UpdateDistributionRequest updateDistributionRequest = UpdateDistributionRequest.builder()
.distributionConfig(config1)
.id(disObject.id())
.ifMatch(response.eTag())
.build();
cloudFrontClient.updateDistribution(updateDistributionRequest);
} catch (CloudFrontException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [UpdateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/UpdateDistribution)。
## 案例
### 建立多租用戶分佈和分佈租用戶
下列程式碼範例示範如何使用各種組態,建立多租用戶分佈和分佈租用戶。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
下列範例示範如何使用參數和萬用字元憑證,建立多租用戶分佈。
```
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.ConnectionMode;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.HttpVersion;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateMultiTenantDistribution {
public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName,
final String certificateArn) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.viewerCertificate(certBuilder -> certBuilder
.acmCertificateArn(certificateArn)
.sslSupportMethod(SSLSupportMethod.SNI_ONLY))
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
}
```
下列範例示範如何建立與該範本相關聯的分佈租用戶,包括使用上述宣告的參數。請注意,我們不需要在此處新增憑證資訊,因為父系範本已涵蓋我們的網域。
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("no-cert-tenant")
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
如果從父系範本省略檢視器憑證,則需要改為在與其相關聯的租用戶上新增憑證資訊。下列範例示範如何透過涵蓋租用戶必要網域的 ACM 憑證 ARN 來執行此操作。
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId,
String certificateArn) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.enabled(false)
.name("tenant-with-cert")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.customizations(b3 -> b3
.certificate(b4 -> b4
.arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
下列範例示範如何使用 CloudFront 託管的受管憑證請求,以執行此操作。如果您還沒有流向您網域的流量,這是理想的選擇。在此情況下,我們會建立 ConnectionGroup 來產生 RoutingEndpoint。然後,我們使用 RoutingEndpoint 建立 DNS 記錄,以驗證網域擁有權,並指向 CloudFront。CloudFront 接著自動提供字符,驗證網域擁有權並建立受管憑證。
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) throws InterruptedException {
CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
.ipv6Enabled(true)
.name("cf-hosted-connection-group")
.enabled(true));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("cf-hosted domain validation record")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type(RRType.CNAME)
.ttl(300L)
.resourceRecords(b4 -> b4
.value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
// Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
Thread.sleep(60000);
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.connectionGroupId(createConnectionGroupResponse.connectionGroup().id())
.enabled(false)
.name("cf-hosted-tenant")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.CLOUDFRONT)
)
);
return createResponse.distributionTenant();
}
}
```
下列範例示範如何使用自我託管的受管憑證請求,以執行此操作。如果您有流向您網域的流量,且無法容忍移轉期間出現的停機時間,則這會是理想的選擇。在此範例結束時,將會在等待網域驗證和 DNS 設定的狀態下建立租用戶。當您準備好移轉流量時,請依照步驟 [此處](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html\$1complete-domain-ownership) 完成設定。
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
String distributionId,
String domain) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("self-hosted-tenant")
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.SELF_HOSTED)
.primaryDomainName(domain)
)
);
return createResponse.distributionTenant();
}
}
```
+ 如需 API 詳細資訊,請參閱《*AWS SDK for Java 2.x API 參考*》中的下列主題。
+ [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)
+ [CreateDistributionTenant](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistributionTenant)
### 刪除簽署資源
下列程式碼範例示範如何刪除用來存取 Amazon Simple Storage Service (Amazon S3) 儲存貯體中受限內容的資源。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse;
import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse;
public class DeleteSigningResources {
private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class);
public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient,
final String originAccessControlId) {
GetOriginAccessControlResponse getResponse = cloudFrontClient
.getOriginAccessControl(b -> b.id(originAccessControlId));
DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder
.id(originAccessControlId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId);
}
}
public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) {
GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId));
DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder
.id(keyGroupId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Key Group [{}]", keyGroupId);
}
}
public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) {
GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId));
DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder
.id(publicKeyId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Public Key [{}]", publicKeyId);
}
}
}
```
+ 如需 API 詳細資訊,請參閱《*AWS SDK for Java 2.x API 參考*》中的下列主題。
+ [DeleteKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteKeyGroup)
+ [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteOriginAccessControl)
+ [DeletePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeletePublicKey)
### 簽署 URL 和 Cookie
下列程式碼範例示範如何建立已簽署的 URL 和 Cookie,以允許存取受限的資源。
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)中設定和執行。
使用 [CannedSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CannedSignerRequest.html) 類別簽署具有*標準*政策的 URL 或 Cookie。
```
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCannedPolicyRequest {
public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CannedSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expirationDate)
.build();
}
}
```
使用 [CustomSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CustomSignerRequest.html) 類別簽署具有*自訂*政策的 URL 或 Cookie。`activeDate` 和 `ipRange` 是選用方法。
```
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCustomPolicyRequest {
public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS);
// URL will be accessible tomorrow using the signed URL.
Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CustomSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
// .resourceUrlPattern("https://*.example.com/*") // Optional.
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expireDate)
.activeDate(activeDate) // Optional.
// .ipRange("192.168.0.1/24") // Optional.
.build();
}
}
```
下列範例示範如何使用 [CloudFrontUtilities](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.html) 類別來產生已簽署的 URL。在 GitHub 上[檢視](https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/SigningUtilities.java)此程式碼範例。
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import software.amazon.awssdk.services.cloudfront.url.SignedUrl;
public class SigningUtilities {
private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class);
private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create();
public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities
.getCookiesForCannedPolicy(cannedSignerRequest);
logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue());
return cookiesForCannedPolicy;
}
public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) {
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities
.getCookiesForCustomPolicy(customSignerRequest);
logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue());
return cookiesForCustomPolicy;
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [CloudFrontUtilities](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CloudFrontUtilities)。