Skip to content

Commit 8d22239

Browse files
ogiderekogiderek
committed
Adding basic SaaS code samples
1 parent 9ed0108 commit 8d22239

File tree

4 files changed

+332
-1
lines changed

4 files changed

+332
-1
lines changed

.doc_gen/metadata/cloudfront_metadata.yaml

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,56 @@ cloudfront_CreateDistribution:
8080
- cloudfront.java2.createdistribution.main
8181
services:
8282
cloudfront: {CreateDistribution}
83+
cloudfront_CreateSaasResources:
84+
title: Create SaaS manager resources &AWS; SDK
85+
title_abbrev: Create a multi-tenant distribution and distribution tenant
86+
synopsis: create a multi-tenant distribution and distribution tenant with various configurations.
87+
category: Scenarios
88+
languages:
89+
Java:
90+
versions:
91+
- sdk_version: 2
92+
github: javav2/example_code/cloudfront
93+
sdkguide:
94+
excerpts:
95+
- description: >-
96+
The following example demonstrates how to create a multi-tenant distribution with parameters and wildcard certificate.
97+
snippet_tags:
98+
- cloudfront.java2.createmultitenantdistribution.import
99+
- cloudfront.java2.createmultitenantdistribution.main
100+
- description: >-
101+
The following example demonstrates how to create a distribution tenant associated with that template, including utilizing the parameter we declared above. Note that we don't need to add certificate info here because our domain is already covered by the parent template.
102+
snippet_tags:
103+
- cloudfront.java2.createdistributiontenant.import
104+
- cloudfront.java2.createdistributiontenant.title
105+
- cloudfront.java2.createdistributiontenant.nocert
106+
- cloudfront.java2.createdistributiontenant.closebrace
107+
- description: >-
108+
If the viewer certificate was omitted from the parent template, you would need to add certificate info on the tenant(s) associated with it instead.
109+
The following example demonstrates how to do so via an ACM certificate arn that covers the necessary domain for the tenant.
110+
snippet_tags:
111+
- cloudfront.java2.createdistributiontenant.import
112+
- cloudfront.java2.createdistributiontenant.title
113+
- cloudfront.java2.createdistributiontenant.withcert
114+
- cloudfront.java2.createdistributiontenant.closebrace
115+
- description: >-
116+
The following example demonstrates how to do so with a CloudFront-hosted managed certificate request. This is ideal if you don't already have traffic towards your domain.
117+
In this case, we create a ConnectionGroup to generate a RoutingEndpoint. Then we use that RoutingEndpoint to create DNS records which verify domain ownership and point to CloudFront. CloudFront will then automatically serve a token to validate domain ownership and create a managed certificate.
118+
snippet_tags:
119+
- cloudfront.java2.createdistributiontenant.import
120+
- cloudfront.java2.createdistributiontenant.title
121+
- cloudfront.java2.createdistributiontenant.cfhosted
122+
- cloudfront.java2.createdistributiontenant.closebrace
123+
- description: >-
124+
The following example demonstrates how to do so with a self-hosted managed certificate request. This is ideal if you have traffic towards your domain and can't tolerate downtime during a migration.
125+
At the end of this example, the Tenant will be created in a state awaiting domain validation and DNS setup. Follow steps [here](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership) to complete setup when you are ready to migrate traffic.
126+
snippet_tags:
127+
- cloudfront.java2.createdistributiontenant.import
128+
- cloudfront.java2.createdistributiontenant.title
129+
- cloudfront.java2.createdistributiontenant.selfhosted
130+
- cloudfront.java2.createdistributiontenant.closebrace
131+
services:
132+
cloudfront: {CreateDistribution, CreateDistributionTenant}
83133
cloudfront_CreateKeyGroup:
84134
languages:
85135
Java:

javav2/example_code/cloudfront/README.md

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ Code excerpts that show you how to call individual service functions.
4545
Code examples that show you how to accomplish a specific task by calling multiple
4646
functions within the same service.
4747

48+
- [Create a multi-tenant distribution and distribution tenant](src/main/java/com/example/cloudfront/CreateMultiTenantDistribution.java)
4849
- [Delete signing resources](src/main/java/com/example/cloudfront/DeleteSigningResources.java)
4950
- [Sign URLs and cookies](src/main/java/com/example/cloudfront/CreateCannedPolicyRequest.java)
5051

@@ -62,6 +63,18 @@ functions within the same service.
6263

6364

6465

66+
#### Create a multi-tenant distribution and distribution tenant
67+
68+
This example shows you how to Create a multi-tenant distribution and distribution tenant with various configurations.
69+
70+
71+
<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.start-->
72+
<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.end-->
73+
74+
75+
<!--custom.scenarios.cloudfront_CreateSaasResources.start-->
76+
<!--custom.scenarios.cloudfront_CreateSaasResources.end-->
77+
6578
#### Delete signing resources
6679

6780
This example shows you how to delete resources that are used to gain access to restricted content in an Amazon Simple Storage Service (Amazon S3) bucket.
@@ -112,4 +125,4 @@ in the `javav2` folder.
112125

113126
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
114127

115-
SPDX-License-Identifier: Apache-2.0
128+
SPDX-License-Identifier: Apache-2.0

javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/CreateDistributionTenant.java

Lines changed: 188 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,188 @@
1+
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2+
// SPDX-License-Identifier: Apache-2.0
3+
4+
package com.example.cloudfront;
5+
6+
// snippet-start:[cloudfront.java2.createdistributiontenant.import]
7+
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
8+
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
9+
import software.amazon.awssdk.services.cloudfront.model.ConnectionMode;
10+
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
11+
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
12+
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
13+
import software.amazon.awssdk.services.cloudfront.model.Distribution;
14+
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
15+
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
16+
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
17+
import software.amazon.awssdk.services.cloudfront.model.HttpVersion;
18+
import software.amazon.awssdk.services.cloudfront.model.Method;
19+
import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod;
20+
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
21+
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
22+
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
23+
import software.amazon.awssdk.services.route53.Route53Client;
24+
import software.amazon.awssdk.services.route53.model.RRType;
25+
import software.amazon.awssdk.services.s3.S3Client;
26+
27+
import java.time.Instant;
28+
// snippet-end:[cloudfront.java2.createdistributiontenant.import]
29+
30+
// snippet-start:[cloudfront.java2.createdistributiontenant.title]
31+
public class CreateMultiTenantDistribution {
32+
// snippet-end:[cloudfront.java2.createdistributiontenant.title]
33+
// snippet-start:[cloudfront.java2.createdistributiontenant.nocert]
34+
public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
35+
Route53Client route53Client,
36+
String distributionId,
37+
String domain,
38+
String hostedZoneId) {
39+
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
40+
.distributionId(distributionId)
41+
.domains(b1 -> b1
42+
.domain(domain))
43+
.parameters(b2 -> b2
44+
.name("tenantName")
45+
.value("myTenant"))
46+
.enabled(true)
47+
.name("no-cert-tenant")
48+
);
49+
50+
final DistributionTenant distributionTenant = createResponse.distributionTenant();
51+
52+
// Then update the Route53 hosted zone to point your domain at the distribution tenant
53+
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
54+
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
55+
.identifier(distributionTenant.connectionGroupId()));
56+
57+
route53Client.changeResourceRecordSets(builder -> builder
58+
.hostedZoneId(hostedZoneId)
59+
.changeBatch(b1 -> b1
60+
.comment("ChangeBatch comment")
61+
.changes(b2 -> b2
62+
.resourceRecordSet(b3 -> b3
63+
.name(domain)
64+
.type("CNAME")
65+
.ttl(300L)
66+
.resourceRecords(b4 -> b4
67+
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
68+
.action("CREATE"))
69+
));
70+
return distributionTenant;
71+
}
72+
// snippet-end:[cloudfront.java2.createdistributiontenant.nocert]
73+
74+
// snippet-start:[cloudfront.java2.createdistributiontenant.withcert]
75+
public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
76+
Route53Client route53Client,
77+
String distributionId,
78+
String domain,
79+
String hostedZoneId,
80+
String certificateArn) {
81+
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
82+
.distributionId(distributionId)
83+
.domains(b1 -> b1
84+
.domain(domain))
85+
.enabled(true)
86+
.name("tenant-with-cert")
87+
.parameters(b2 -> b2
88+
.name("tenantName")
89+
.value("myTenant"))
90+
.customizations(b3 -> b3
91+
.certificate(b4 -> b4
92+
.arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request
93+
94+
);
95+
96+
final DistributionTenant distributionTenant = createResponse.distributionTenant();
97+
98+
// Then update the Route53 hosted zone to point your domain at the distribution tenant
99+
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
100+
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
101+
.identifier(distributionTenant.connectionGroupId()));
102+
103+
route53Client.changeResourceRecordSets(builder -> builder
104+
.hostedZoneId(hostedZoneId)
105+
.changeBatch(b1 -> b1
106+
.comment("ChangeBatch comment")
107+
.changes(b2 -> b2
108+
.resourceRecordSet(b3 -> b3
109+
.name(domain)
110+
.type("CNAME")
111+
.ttl(300L)
112+
.resourceRecords(b4 -> b4
113+
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
114+
.action("CREATE"))
115+
));
116+
return distributionTenant;
117+
}
118+
// snippet-end:[cloudfront.java2.createdistributiontenant.withcert]
119+
120+
// snippet-start:[cloudfront.java2.createdistributiontenant.cfhosted]
121+
public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
122+
Route53Client route53Client,
123+
String distributionId,
124+
String domain,
125+
String hostedZoneId) {
126+
CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
127+
.ipv6Enabled(true)
128+
.name("cf-hosted-connection-group")
129+
.enabled(true));
130+
131+
route53Client.changeResourceRecordSets(builder -> builder
132+
.hostedZoneId(hostedZoneId)
133+
.changeBatch(b1 -> b1
134+
.comment("cf-hosted domain validation record")
135+
.changes(b2 -> b2
136+
.resourceRecordSet(b3 -> b3
137+
.name(domain)
138+
.type(RRType.CNAME)
139+
.ttl(300L)
140+
.resourceRecords(b4 -> b4
141+
.value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
142+
.action("CREATE"))
143+
));
144+
145+
// Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
146+
sleep(60000);
147+
148+
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
149+
.distributionId(distributionId)
150+
.domains(b1 -> b1
151+
.domain(domain))
152+
.enabled(true)
153+
.name("cf-hosted-tenant")
154+
.parameters(b2 -> b2
155+
.name("tenantName")
156+
.value("myTenant"))
157+
.managedCertificateRequest(b3 -> b3
158+
.validationTokenHost(ValidationTokenHost.SELF_HOSTED)
159+
);
160+
161+
final DistributionTenant distributionTenant = createResponse.distributionTenant();
162+
}
163+
// snippet-end:[cloudfront.java2.createdistributiontenant.cfhosted]
164+
165+
// snippet-start:[cloudfront.java2.createdistributiontenant.selfhosted]
166+
public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
167+
Route53Client route53Client,
168+
String distributionId,
169+
String domain,
170+
String hostedZoneId) {
171+
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
172+
.distributionId(distributionId)
173+
.domains(b1 -> b1
174+
.domain(domain))
175+
.parameters(b2 -> b2
176+
.name("tenantName")
177+
.value("myTenant"))
178+
.enabled(true)
179+
.name("self-hosted-tenant")
180+
);
181+
182+
return createResponse.distributionTenant();
183+
}
184+
// snippet-end:[cloudfront.java2.createdistributiontenant.selfhosted]
185+
186+
// snippet-start:[cloudfront.java2.createdistributiontenant.closebrace]
187+
}
188+
// snippet-end:[cloudfront.java2.createdistributiontenant.closebrace]

0 commit comments

Comments
 (0)