software.amazon.awssdk.services.cloudfront

Class CloudFrontUtilities

java.lang.Object

software.amazon.awssdk.services.cloudfront.CloudFrontUtilities

@Immutable
 @ThreadSafe
public final class CloudFrontUtilities
extends Object

Utilities for working with CloudFront distributions

To securely serve private content by using CloudFront, you can require that users access your private content by using special CloudFront signed URLs or signed cookies. You then develop your application either to create and distribute signed URLs to authenticated users or to send Set-Cookie headers that set signed cookies for authenticated users.

Signed URLs take precedence over signed cookies. If you use both signed URLs and signed cookies to control access to the same files and a viewer uses a signed URL to request a file, CloudFront determines whether to return the file to the viewer based only on the signed URL.

Method Summary

Modifier and Type	Method and Description
static CloudFrontUtilities	create()
CookiesForCannedPolicy	getCookiesForCannedPolicy(CannedSignerRequest request) Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document.
CookiesForCannedPolicy	getCookiesForCannedPolicy(Consumer<CannedSignerRequest.Builder> request) Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document.
CookiesForCustomPolicy	getCookiesForCustomPolicy(Consumer<CustomSignerRequest.Builder> request) Returns signed cookies that provides tailored access to private content based on an access time window and an ip range.
CookiesForCustomPolicy	getCookiesForCustomPolicy(CustomSignerRequest request) Returns signed cookies that provides tailored access to private content based on an access time window and an ip range.
SignedUrl	getSignedUrlWithCannedPolicy(CannedSignerRequest request) Returns a signed URL with a canned policy that grants universal access to private content until a given date.
SignedUrl	getSignedUrlWithCannedPolicy(Consumer<CannedSignerRequest.Builder> request) Returns a signed URL with a canned policy that grants universal access to private content until a given date.
SignedUrl	getSignedUrlWithCustomPolicy(Consumer<CustomSignerRequest.Builder> request) Returns a signed URL that provides tailored access to private content based on an access time window and an ip range.
SignedUrl	getSignedUrlWithCustomPolicy(CustomSignerRequest request) Returns a signed URL that provides tailored access to private content based on an access time window and an ip range.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static CloudFrontUtilities create()

getSignedUrlWithCannedPolicy

public SignedUrl getSignedUrlWithCannedPolicy(Consumer<CannedSignerRequest.Builder> request)

Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.

This is a convenience which creates an instance of the CannedSignerRequest.Builder avoiding the need to create one manually via CannedSignerRequest.builder()

Parameters:

request - A Consumer that will call methods on CannedSignerRequest.Builder to create a request.

Returns:

A signed URL that will permit access to a specific distribution and S3 object.

Example Usage

getSignedUrlWithCannedPolicy

public SignedUrl getSignedUrlWithCannedPolicy(CannedSignerRequest request)

Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.

Parameters:

request - A CannedSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate

Returns:

A signed URL that will permit access to a specific distribution and S3 object.

Example Usage

getSignedUrlWithCustomPolicy

public SignedUrl getSignedUrlWithCustomPolicy(Consumer<CustomSignerRequest.Builder> request)

Returns a signed URL that provides tailored access to private content based on an access time window and an ip range. The custom policy itself is included as part of the signed URL (For a signed URL with canned policy, there is no policy included in the signed URL). For more information, see Creating a signed URL using a custom policy.

This is a convenience which creates an instance of the CustomSignerRequest.Builder avoiding the need to create one manually via CustomSignerRequest.builder()

Parameters:

request - A Consumer that will call methods on CustomSignerRequest.Builder to create a request.

Returns:

A signed URL that will permit access to distribution and S3 objects as specified in the policy document.

Example Usage

getSignedUrlWithCustomPolicy

public SignedUrl getSignedUrlWithCustomPolicy(CustomSignerRequest request)

Returns a signed URL that provides tailored access to private content based on an access time window and an ip range. The custom policy itself is included as part of the signed URL (For a signed URL with canned policy, there is no policy included in the signed URL). For more information, see Creating a signed URL using a custom policy.

Parameters:

request - A CustomSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)

Returns:

A signed URL that will permit access to distribution and S3 objects as specified in the policy document.

Example Usage

getCookiesForCannedPolicy

public CookiesForCannedPolicy getCookiesForCannedPolicy(Consumer<CannedSignerRequest.Builder> request)

Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.

This is a convenience which creates an instance of the CannedSignerRequest.Builder avoiding the need to create one manually via CannedSignerRequest.builder()

Parameters:

request - A Consumer that will call methods on CannedSignerRequest.Builder to create a request.

Returns:

The signed cookies with canned policy.

Example Usage

getCookiesForCannedPolicy

public CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest request)

Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.

Parameters:

request - A CannedSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate

Returns:

The signed cookies with canned policy.

Example Usage

getCookiesForCustomPolicy

public CookiesForCustomPolicy getCookiesForCustomPolicy(Consumer<CustomSignerRequest.Builder> request)

Returns signed cookies that provides tailored access to private content based on an access time window and an ip range. For more information, see Setting signed cookies using a custom policy.

This is a convenience which creates an instance of the CustomSignerRequest.Builder avoiding the need to create one manually via CustomSignerRequest.builder()

Parameters:

request - A Consumer that will call methods on CustomSignerRequest.Builder to create a request.

Returns:

The signed cookies with custom policy.

Example Usage

getCookiesForCustomPolicy

public CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest request)

Returns signed cookies that provides tailored access to private content based on an access time window and an ip range. For more information, see Setting signed cookies using a custom policy.

Parameters:

request - A CustomSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)

Returns:

The signed cookies with custom policy.

Example Usage