Class CloudFrontUtilities
To securely serve private content by using CloudFront, you can require that users access your private content by using special CloudFront signed URLs or signed cookies. You then develop your application either to create and distribute signed URLs to authenticated users or to send Set-Cookie headers that set signed cookies for authenticated users.
Signed URLs take precedence over signed cookies. If you use both signed URLs and signed cookies to control access to the same files and a viewer uses a signed URL to request a file, CloudFront determines whether to return the file to the viewer based only on the signed URL.
-
Method Summary
Modifier and TypeMethodDescriptionstatic CloudFrontUtilities
create()
Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document.Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document.Returns signed cookies that provides tailored access to private content based on an access time window and an ip range.Returns signed cookies that provides tailored access to private content based on an access time window and an ip range.Returns a signed URL with a canned policy that grants universal access to private content until a given date.Returns a signed URL with a canned policy that grants universal access to private content until a given date.Returns a signed URL that provides tailored access to private content based on an access time window and an ip range.Returns a signed URL that provides tailored access to private content based on an access time window and an ip range.
-
Method Details
-
create
-
getSignedUrlWithCannedPolicy
Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.This is a convenience which creates an instance of the
CannedSignerRequest.Builder
avoiding the need to create one manually viaCannedSignerRequest.builder()
- Parameters:
request
- AConsumer
that will call methods onCannedSignerRequest.Builder
to create a request.- Returns:
- A signed URL that will permit access to a specific distribution
and S3 object.
Example Usage
//Generates signed URL String with canned policy, valid for 7 days CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; PrivateKey privateKey = myPrivateKey; SignedUrl signedUrl = utilities.getSignedUrlWithCannedPolicy(r -> r.resourceUrl(resourceUrl) .privateKey(privateKey) .keyPairId(keyPairId) .expirationDate(expirationDate)); String url = signedUrl.url();
-
getSignedUrlWithCannedPolicy
Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.- Parameters:
request
- ACannedSignerRequest
configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate- Returns:
- A signed URL that will permit access to a specific distribution
and S3 object.
Example Usage
//Generates signed URL String with canned policy, valid for 7 days CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; Path keyFile = myKeyFile; CannedSignerRequest cannedRequest = CannedSignerRequest.builder() .resourceUrl(resourceUrl) .privateKey(keyFile) .keyPairId(keyPairId) .expirationDate(expirationDate) .build(); SignedUrl signedUrl = utilities.getSignedUrlWithCannedPolicy(cannedRequest); String url = signedUrl.url();
-
getSignedUrlWithCustomPolicy
Returns a signed URL that provides tailored access to private content based on an access time window and an ip range. The custom policy itself is included as part of the signed URL (For a signed URL with canned policy, there is no policy included in the signed URL). For more information, see Creating a signed URL using a custom policy.This is a convenience which creates an instance of the
CustomSignerRequest.Builder
avoiding the need to create one manually viaCustomSignerRequest.builder()
- Parameters:
request
- AConsumer
that will call methods onCustomSignerRequest.Builder
to create a request.- Returns:
- A signed URL that will permit access to distribution and S3
objects as specified in the policy document.
Example Usage
//Generates signed URL String with custom policy, with an access window that begins in 2 days and ends in 7 days, //for a specified IP range CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; PrivateKey privateKey = myPrivateKey; Instant activeDate = Instant.now().plus(Duration.ofDays(2)); String ipRange = "192.168.0.1/24"; SignedUrl signedUrl = utilities.getSignedUrlWithCustomPolicy(r -> r.resourceUrl(resourceUrl) .privateKey(privateKey) .keyPairId(keyPairId) .expirationDate(expirationDate) .activeDate(activeDate) .ipRange(ipRange)); String url = signedUrl.url();
-
getSignedUrlWithCustomPolicy
Returns a signed URL that provides tailored access to private content based on an access time window and an ip range. The custom policy itself is included as part of the signed URL (For a signed URL with canned policy, there is no policy included in the signed URL). For more information, see Creating a signed URL using a custom policy.- Parameters:
request
- ACustomSignerRequest
configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)- Returns:
- A signed URL that will permit access to distribution and S3
objects as specified in the policy document.
Example Usage
//Generates signed URL String with custom policy, with an access window that begins in 2 days and ends in 7 days, //for a specified IP range CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; Path keyFile = myKeyFile; Instant activeDate = Instant.now().plus(Duration.ofDays(2)); String ipRange = "192.168.0.1/24"; CustomSignerRequest customRequest = CustomSignerRequest.builder() .resourceUrl(resourceUrl) .privateKey(keyFile) .keyPairId(keyPairId) .expirationDate(expirationDate) .activeDate(activeDate) .ipRange(ipRange) .build(); SignedUrl signedUrl = utilities.getSignedUrlWithCustomPolicy(customRequest); String url = signedUrl.url();
-
getCookiesForCannedPolicy
public CookiesForCannedPolicy getCookiesForCannedPolicy(Consumer<CannedSignerRequest.Builder> request) Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.This is a convenience which creates an instance of the
CannedSignerRequest.Builder
avoiding the need to create one manually viaCannedSignerRequest.builder()
- Parameters:
request
- AConsumer
that will call methods onCannedSignerRequest.Builder
to create a request.- Returns:
- The signed cookies with canned policy.
Example Usage
//Generates signed Cookie for canned policy, valid for 7 days CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; PrivateKey privateKey = myPrivateKey; CookiesForCannedPolicy cookies = utilities.getSignedCookiesForCannedPolicy(r -> r.resourceUrl(resourceUrl) .privateKey(privateKey) .keyPairId(keyPairId) .expirationDate(expirationDate)); // Generates Set-Cookie header values to send to the viewer to allow access String signatureHeaderValue = cookies.signatureHeaderValue(); String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue(); String expiresHeaderValue = cookies.expiresHeaderValue();
-
getCookiesForCannedPolicy
Generate signed cookies that allows access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.- Parameters:
request
- ACannedSignerRequest
configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate- Returns:
- The signed cookies with canned policy.
Example Usage
//Generates signed Cookie for canned policy, valid for 7 days CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; Path keyFile = myKeyFile; CannedSignerRequest cannedRequest = CannedSignerRequest.builder() .resourceUrl(resourceUrl) .privateKey(keyFile) .keyPairId(keyPairId) .expirationDate(expirationDate) .build(); CookiesForCannedPolicy cookies = utilities.getCookiesForCannedPolicy(cannedRequest); // Generates Set-Cookie header values to send to the viewer to allow access String signatureHeaderValue = cookies.signatureHeaderValue(); String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue(); String expiresHeaderValue = cookies.expiresHeaderValue();
-
getCookiesForCustomPolicy
public CookiesForCustomPolicy getCookiesForCustomPolicy(Consumer<CustomSignerRequest.Builder> request) Returns signed cookies that provides tailored access to private content based on an access time window and an ip range. For more information, see Setting signed cookies using a custom policy.This is a convenience which creates an instance of the
CustomSignerRequest.Builder
avoiding the need to create one manually viaCustomSignerRequest.builder()
- Parameters:
request
- AConsumer
that will call methods onCustomSignerRequest.Builder
to create a request.- Returns:
- The signed cookies with custom policy.
Example Usage
//Generates signed Cookie for custom policy, with an access window that begins in 2 days and ends in 7 days, //for a specified IP range CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; PrivateKey privateKey = myPrivateKey; Instant activeDate = Instant.now().plus(Duration.ofDays(2)); String ipRange = "192.168.0.1/24"; CookiesForCustomPolicy cookies = utilities.getCookiesForCustomPolicy(r -> r.resourceUrl(resourceUrl) .privateKey(privateKey) .keyPairId(keyPairId) .expirationDate(expirationDate) .activeDate(activeDate) .ipRange(ipRange)); // Generates Set-Cookie header values to send to the viewer to allow access String signatureHeaderValue = cookies.signatureHeaderValue(); String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue(); String policyHeaderValue = cookies.policyHeaderValue();
-
getCookiesForCustomPolicy
Returns signed cookies that provides tailored access to private content based on an access time window and an ip range. For more information, see Setting signed cookies using a custom policy.- Parameters:
request
- ACustomSignerRequest
configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)- Returns:
- The signed cookies with custom policy.
Example Usage
//Generates signed Cookie for custom policy, with an access window that begins in 2 days and ends in 7 days, //for a specified IP range CloudFrontUtilities utilities = CloudFrontUtilities.create(); Instant expirationDate = Instant.now().plus(Duration.ofDays(7)); String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey"; String keyPairId = "myKeyPairId"; Path keyFile = myKeyFile; Instant activeDate = Instant.now().plus(Duration.ofDays(2)); String ipRange = "192.168.0.1/24"; CustomSignerRequest customRequest = CustomSignerRequest.builder() .resourceUrl(resourceUrl) .privateKey(keyFile) .keyPairId(keyFile) .expirationDate(expirationDate) .activeDate(activeDate) .ipRange(ipRange) .build(); CookiesForCustomPolicy cookies = utilities.getCookiesForCustomPolicy(customRequest); // Generates Set-Cookie header values to send to the viewer to allow access String signatureHeaderValue = cookies.signatureHeaderValue(); String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue(); String policyHeaderValue = cookies.policyHeaderValue();
-