Class CloudFrontUtilities

java.lang.Object
software.amazon.awssdk.services.cloudfront.CloudFrontUtilities

@Immutable @ThreadSafe public final class CloudFrontUtilities extends Object
Utilities for working with CloudFront distributions

To securely serve private content by using CloudFront, you can require that users access your private content by using special CloudFront signed URLs or signed cookies. You then develop your application either to create and distribute signed URLs to authenticated users or to send Set-Cookie headers that set signed cookies for authenticated users.

Signed URLs take precedence over signed cookies. If you use both signed URLs and signed cookies to control access to the same files and a viewer uses a signed URL to request a file, CloudFront determines whether to return the file to the viewer based only on the signed URL.

  • Method Details

    • create

      public static CloudFrontUtilities create()
    • getSignedUrlWithCannedPolicy

      public SignedUrl getSignedUrlWithCannedPolicy(Consumer<CannedSignerRequest.Builder> request)
      Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.

      This is a convenience which creates an instance of the CannedSignerRequest.Builder avoiding the need to create one manually via CannedSignerRequest.builder()

      Parameters:
      request - A Consumer that will call methods on CannedSignerRequest.Builder to create a request.
      Returns:
      A signed URL that will permit access to a specific distribution and S3 object.

      Example Usage

          //Generates signed URL String with canned policy, valid for 7 days
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          PrivateKey privateKey = myPrivateKey;
      
          SignedUrl signedUrl = utilities.getSignedUrlWithCannedPolicy(r -> r.resourceUrl(resourceUrl)
                                                                             .privateKey(privateKey)
                                                                             .keyPairId(keyPairId)
                                                                             .expirationDate(expirationDate));
          String url = signedUrl.url();
      
    • getSignedUrlWithCannedPolicy

      public SignedUrl getSignedUrlWithCannedPolicy(CannedSignerRequest request)
      Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Creating a signed URL using a canned policy.
      Parameters:
      request - A CannedSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate
      Returns:
      A signed URL that will permit access to a specific distribution and S3 object.

      Example Usage

          //Generates signed URL String with canned policy, valid for 7 days
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          Path keyFile = myKeyFile;
      
          CannedSignerRequest cannedRequest = CannedSignerRequest.builder()
                                                                 .resourceUrl(resourceUrl)
                                                                 .privateKey(keyFile)
                                                                 .keyPairId(keyPairId)
                                                                 .expirationDate(expirationDate)
                                                                 .build();
          SignedUrl signedUrl = utilities.getSignedUrlWithCannedPolicy(cannedRequest);
          String url = signedUrl.url();
      
    • getSignedUrlWithCustomPolicy

      public SignedUrl getSignedUrlWithCustomPolicy(Consumer<CustomSignerRequest.Builder> request)
      Returns a signed URL that provides tailored access to private content based on an access time window and an IP range. The custom policy itself is included as part of the signed URL (a signed URL with a canned policy includes no policy). For more information, see Creating a signed URL using a custom policy.

      This is a convenience which creates an instance of the CustomSignerRequest.Builder avoiding the need to create one manually via CustomSignerRequest.builder()

      Parameters:
      request - A Consumer that will call methods on CustomSignerRequest.Builder to create a request.
      Returns:
      A signed URL that will permit access to distribution and S3 objects as specified in the policy document.

      Example Usage

          //Generates signed URL String with custom policy, with an access window that begins in 2 days and ends in 7 days,
          //for a specified IP range
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          PrivateKey privateKey = myPrivateKey;
          Instant activeDate = Instant.now().plus(Duration.ofDays(2));
          String ipRange = "192.168.0.1/24";
      
          SignedUrl signedUrl = utilities.getSignedUrlWithCustomPolicy(r -> r.resourceUrl(resourceUrl)
                                                                             .privateKey(privateKey)
                                                                             .keyPairId(keyPairId)
                                                                             .expirationDate(expirationDate)
                                                                             .activeDate(activeDate)
                                                                             .ipRange(ipRange));
          String url = signedUrl.url();
      
    • getSignedUrlWithCustomPolicy

      public SignedUrl getSignedUrlWithCustomPolicy(CustomSignerRequest request)
      Returns a signed URL that provides tailored access to private content based on an access time window and an IP range. The custom policy itself is included as part of the signed URL (a signed URL with a canned policy includes no policy). For more information, see Creating a signed URL using a custom policy.
      Parameters:
      request - A CustomSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)
      Returns:
      A signed URL that will permit access to distribution and S3 objects as specified in the policy document.

      Example Usage

          //Generates signed URL String with custom policy, with an access window that begins in 2 days and ends in 7 days,
          //for a specified IP range
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          Path keyFile = myKeyFile;
          Instant activeDate = Instant.now().plus(Duration.ofDays(2));
          String ipRange = "192.168.0.1/24";
      
          CustomSignerRequest customRequest = CustomSignerRequest.builder()
                                                                 .resourceUrl(resourceUrl)
                                                                 .privateKey(keyFile)
                                                                 .keyPairId(keyPairId)
                                                                 .expirationDate(expirationDate)
                                                                 .activeDate(activeDate)
                                                                 .ipRange(ipRange)
                                                                 .build();
          SignedUrl signedUrl = utilities.getSignedUrlWithCustomPolicy(customRequest);
          String url = signedUrl.url();
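
Because a custom policy travels inside the signed URL, anyone holding the URL can decode it and read the resource, time window and IP range it grants; the signature protects integrity, not confidentiality. The following added example (not part of the SDK or its documentation) decodes the Policy parameter of a constructed sample URL for auditing, assuming CloudFront's documented policy JSON layout and URL-safe Base64 substitutions; the class name, helper names, epoch values and signature placeholder are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SignedUrlPolicyAudit {

    // CloudFront's URL-safe variant of Base64: '+' -> '-', '=' -> '_', '/' -> '~'.
    static String encode(String policyJson) {
        String b64 = Base64.getEncoder().encodeToString(policyJson.getBytes(StandardCharsets.UTF_8));
        return b64.replace('+', '-').replace('=', '_').replace('/', '~');
    }

    // Extracts the Policy query parameter and reverses the substitutions above.
    static String decodePolicy(String signedUrl) {
        Matcher m = Pattern.compile("[?&]Policy=([^&]+)").matcher(signedUrl);
        if (!m.find()) {
            throw new IllegalArgumentException("no Policy parameter: canned-policy URLs carry Expires instead");
        }
        String b64 = m.group(1).replace('-', '+').replace('_', '=').replace('~', '/');
        return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    }

    // Reads one AWS:EpochTime condition (DateLessThan or DateGreaterThan); null if absent.
    static Instant epochOf(String policyJson, String condition) {
        Matcher m = Pattern.compile("\"" + condition + "\"\\s*:\\s*\\{\\s*\"AWS:EpochTime\"\\s*:\\s*(\\d+)")
                           .matcher(policyJson);
        return m.find() ? Instant.ofEpochSecond(Long.parseLong(m.group(1))) : null;
    }

    public static void main(String[] args) {
        // Constructed sample policy and URL; the signature value is a placeholder, not a real signature.
        String policy = "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/s3ObjectKey\","
                + "\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767225600},"
                + "\"DateGreaterThan\":{\"AWS:EpochTime\":1766793600},"
                + "\"IpAddress\":{\"AWS:SourceIp\":\"192.168.0.1/24\"}}}]}";
        String url = "https://d111111abcdef8.cloudfront.net/s3ObjectKey?Policy=" + encode(policy)
                + "&Signature=CONSTRUCTED_PLACEHOLDER&Key-Pair-Id=myKeyPairId";

        String decoded = decodePolicy(url);
        System.out.println("policy       : " + decoded);
        System.out.println("not before   : " + epochOf(decoded, "DateGreaterThan"));
        System.out.println("expires      : " + epochOf(decoded, "DateLessThan"));
        System.out.println("ip-restricted: " + decoded.contains("\"AWS:SourceIp\""));
    }
}
```

Avoid putting anything in a custom policy, such as internal address ranges, that the recipient of the URL should not learn.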
      
    • getCookiesForCannedPolicy

      public CookiesForCannedPolicy getCookiesForCannedPolicy(Consumer<CannedSignerRequest.Builder> request)
      Generates signed cookies that allow access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.

      This is a convenience which creates an instance of the CannedSignerRequest.Builder avoiding the need to create one manually via CannedSignerRequest.builder()

      Parameters:
      request - A Consumer that will call methods on CannedSignerRequest.Builder to create a request.
      Returns:
      The signed cookies with canned policy.

      Example Usage

          //Generates signed Cookie for canned policy, valid for 7 days
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          PrivateKey privateKey = myPrivateKey;
      
          CookiesForCannedPolicy cookies = utilities.getCookiesForCannedPolicy(r -> r.resourceUrl(resourceUrl)
                                                                                     .privateKey(privateKey)
                                                                                     .keyPairId(keyPairId)
                                                                                     .expirationDate(expirationDate));
          // Generates Set-Cookie header values to send to the viewer to allow access
          String signatureHeaderValue = cookies.signatureHeaderValue();
          String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue();
          String expiresHeaderValue = cookies.expiresHeaderValue();
      
    • getCookiesForCannedPolicy

      public CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest request)
      Generates signed cookies that allow access to a specific distribution and resource path by applying access restrictions from a "canned" (simplified) policy document. For more information, see Setting signed cookies using a canned policy.
      Parameters:
      request - A CannedSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate
      Returns:
      The signed cookies with canned policy.

      Example Usage

          //Generates signed Cookie for canned policy, valid for 7 days
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          Path keyFile = myKeyFile;
      
          CannedSignerRequest cannedRequest = CannedSignerRequest.builder()
                                                                 .resourceUrl(resourceUrl)
                                                                 .privateKey(keyFile)
                                                                 .keyPairId(keyPairId)
                                                                 .expirationDate(expirationDate)
                                                                 .build();
          CookiesForCannedPolicy cookies = utilities.getCookiesForCannedPolicy(cannedRequest);
          // Generates Set-Cookie header values to send to the viewer to allow access
          String signatureHeaderValue = cookies.signatureHeaderValue();
          String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue();
          String expiresHeaderValue = cookies.expiresHeaderValue();
      
    • getCookiesForCustomPolicy

      public CookiesForCustomPolicy getCookiesForCustomPolicy(Consumer<CustomSignerRequest.Builder> request)
      Returns signed cookies that provide tailored access to private content based on an access time window and an IP range. For more information, see Setting signed cookies using a custom policy.

      This is a convenience which creates an instance of the CustomSignerRequest.Builder avoiding the need to create one manually via CustomSignerRequest.builder()

      Parameters:
      request - A Consumer that will call methods on CustomSignerRequest.Builder to create a request.
      Returns:
      The signed cookies with custom policy.

      Example Usage

          //Generates signed Cookie for custom policy, with an access window that begins in 2 days and ends in 7 days,
          //for a specified IP range
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          PrivateKey privateKey = myPrivateKey;
          Instant activeDate = Instant.now().plus(Duration.ofDays(2));
          String ipRange = "192.168.0.1/24";
      
          CookiesForCustomPolicy cookies = utilities.getCookiesForCustomPolicy(r -> r.resourceUrl(resourceUrl)
                                                                                     .privateKey(privateKey)
                                                                                     .keyPairId(keyPairId)
                                                                                     .expirationDate(expirationDate)
                                                                                     .activeDate(activeDate)
                                                                                     .ipRange(ipRange));
          // Generates Set-Cookie header values to send to the viewer to allow access
          String signatureHeaderValue = cookies.signatureHeaderValue();
          String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue();
          String policyHeaderValue = cookies.policyHeaderValue();
      
    • getCookiesForCustomPolicy

      public CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest request)
      Returns signed cookies that provide tailored access to private content based on an access time window and an IP range. For more information, see Setting signed cookies using a custom policy.
      Parameters:
      request - A CustomSignerRequest configured with the following values: resourceUrl, privateKey, keyPairId, expirationDate, activeDate (optional), ipRange (optional)
      Returns:
      The signed cookies with custom policy.

      Example Usage

          //Generates signed Cookie for custom policy, with an access window that begins in 2 days and ends in 7 days,
          //for a specified IP range
          CloudFrontUtilities utilities = CloudFrontUtilities.create();
      
          Instant expirationDate = Instant.now().plus(Duration.ofDays(7));
          String resourceUrl = "https://d111111abcdef8.cloudfront.net/s3ObjectKey";
          String keyPairId = "myKeyPairId";
          Path keyFile = myKeyFile;
          Instant activeDate = Instant.now().plus(Duration.ofDays(2));
          String ipRange = "192.168.0.1/24";
      
          CustomSignerRequest customRequest = CustomSignerRequest.builder()
                                                                 .resourceUrl(resourceUrl)
                                                                 .privateKey(keyFile)
                                                                 .keyPairId(keyPairId)
                                                                 .expirationDate(expirationDate)
                                                                 .activeDate(activeDate)
                                                                 .ipRange(ipRange)
                                                                 .build();
          CookiesForCustomPolicy cookies = utilities.getCookiesForCustomPolicy(customRequest);
          // Generates Set-Cookie header values to send to the viewer to allow access
          String signatureHeaderValue = cookies.signatureHeaderValue();
          String keyPairIdHeaderValue = cookies.keyPairIdHeaderValue();
          String policyHeaderValue = cookies.policyHeaderValue();