Skip to content

Java: Add basic SaaS code samples for CloudFront #7501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Java: Add basic SaaS code samples for CloudFront #7501

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8d22239
Adding basic SaaS code samples
ogiderek Jun 27, 2025
37c7f3c
Merge branch 'main' into saas-doc-updates
Dogiogi25 Jul 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions .doc_gen/metadata/cloudfront_metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,56 @@ cloudfront_CreateDistribution:
- cloudfront.java2.createdistribution.main
services:
cloudfront: {CreateDistribution}
cloudfront_CreateSaasResources:
title: Create SaaS manager resources &AWS; SDK
title_abbrev: Create a multi-tenant distribution and distribution tenant
synopsis: create a multi-tenant distribution and distribution tenant with various configurations.
category: Scenarios
languages:
Java:
versions:
- sdk_version: 2
github: javav2/example_code/cloudfront
sdkguide:
excerpts:
- description: >-
The following example demonstrates how to create a multi-tenant distribution with parameters and wildcard certificate.
snippet_tags:
- cloudfront.java2.createmultitenantdistribution.import
- cloudfront.java2.createmultitenantdistribution.main
- description: >-
The following example demonstrates how to create a distribution tenant associated with that template, including utilizing the parameter we declared above. Note that we don't need to add certificate info here because our domain is already covered by the parent template.
snippet_tags:
- cloudfront.java2.createdistributiontenant.import
- cloudfront.java2.createdistributiontenant.title
- cloudfront.java2.createdistributiontenant.nocert
- cloudfront.java2.createdistributiontenant.closebrace
- description: >-
If the viewer certificate was omitted from the parent template, you would need to add certificate info on the tenant(s) associated with it instead.
The following example demonstrates how to do so via an ACM certificate arn that covers the necessary domain for the tenant.
snippet_tags:
- cloudfront.java2.createdistributiontenant.import
- cloudfront.java2.createdistributiontenant.title
- cloudfront.java2.createdistributiontenant.withcert
- cloudfront.java2.createdistributiontenant.closebrace
- description: >-
The following example demonstrates how to do so with a CloudFront-hosted managed certificate request. This is ideal if you don't already have traffic towards your domain.
In this case, we create a ConnectionGroup to generate a RoutingEndpoint. Then we use that RoutingEndpoint to create DNS records which verify domain ownership and point to CloudFront. CloudFront will then automatically serve a token to validate domain ownership and create a managed certificate.
snippet_tags:
- cloudfront.java2.createdistributiontenant.import
- cloudfront.java2.createdistributiontenant.title
- cloudfront.java2.createdistributiontenant.cfhosted
- cloudfront.java2.createdistributiontenant.closebrace
- description: >-
The following example demonstrates how to do so with a self-hosted managed certificate request. This is ideal if you have traffic towards your domain and can't tolerate downtime during a migration.
At the end of this example, the Tenant will be created in a state awaiting domain validation and DNS setup. Follow steps [here](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership) to complete setup when you are ready to migrate traffic.
snippet_tags:
- cloudfront.java2.createdistributiontenant.import
- cloudfront.java2.createdistributiontenant.title
- cloudfront.java2.createdistributiontenant.selfhosted
- cloudfront.java2.createdistributiontenant.closebrace
services:
cloudfront: {CreateDistribution, CreateDistributionTenant}
cloudfront_CreateKeyGroup:
languages:
Java:
Expand Down
15 changes: 14 additions & 1 deletion javav2/example_code/cloudfront/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ Code excerpts that show you how to call individual service functions.
Code examples that show you how to accomplish a specific task by calling multiple
functions within the same service.

- [Create a multi-tenant distribution and distribution tenant](src/main/java/com/example/cloudfront/CreateMultiTenantDistribution.java)
- [Delete signing resources](src/main/java/com/example/cloudfront/DeleteSigningResources.java)
- [Sign URLs and cookies](src/main/java/com/example/cloudfront/CreateCannedPolicyRequest.java)

Expand All @@ -62,6 +63,18 @@ functions within the same service.



#### Create a multi-tenant distribution and distribution tenant

This example shows you how to Create a multi-tenant distribution and distribution tenant with various configurations.


<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.start-->
<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.end-->


<!--custom.scenarios.cloudfront_CreateSaasResources.start-->
<!--custom.scenarios.cloudfront_CreateSaasResources.end-->

#### Delete signing resources

This example shows you how to delete resources that are used to gain access to restricted content in an Amazon Simple Storage Service (Amazon S3) bucket.
Expand Down Expand Up @@ -112,4 +125,4 @@ in the `javav2` folder.

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
188 changes: 188 additions & 0 deletions ...xample_code/cloudfront/src/main/java/com/example/cloudfront/CreateDistributionTenant.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,188 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package com.example.cloudfront;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to be a lot of missing dependences.. This class does not have a main allowing users to run it either


// snippet-start:[cloudfront.java2.createdistributiontenant.import]
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.ConnectionMode;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.HttpVersion;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import software.amazon.awssdk.services.s3.S3Client;

import java.time.Instant;
// snippet-end:[cloudfront.java2.createdistributiontenant.import]

// snippet-start:[cloudfront.java2.createdistributiontenant.title]
public class CreateMultiTenantDistribution {
// snippet-end:[cloudfront.java2.createdistributiontenant.title]
// snippet-start:[cloudfront.java2.createdistributiontenant.nocert]
public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(true)
.name("no-cert-tenant")
);

final DistributionTenant distributionTenant = createResponse.distributionTenant();

// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));

route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
// snippet-end:[cloudfront.java2.createdistributiontenant.nocert]

// snippet-start:[cloudfront.java2.createdistributiontenant.withcert]
public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId,
String certificateArn) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.enabled(true)
.name("tenant-with-cert")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.customizations(b3 -> b3
.certificate(b4 -> b4
.arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request

);

final DistributionTenant distributionTenant = createResponse.distributionTenant();

// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));

route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
// snippet-end:[cloudfront.java2.createdistributiontenant.withcert]

// snippet-start:[cloudfront.java2.createdistributiontenant.cfhosted]
public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
.ipv6Enabled(true)
.name("cf-hosted-connection-group")
.enabled(true));

route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("cf-hosted domain validation record")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type(RRType.CNAME)
.ttl(300L)
.resourceRecords(b4 -> b4
.value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
.action("CREATE"))
));

// Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
sleep(60000);

CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.enabled(true)
.name("cf-hosted-tenant")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.SELF_HOSTED)
);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing closing parenthesis.


final DistributionTenant distributionTenant = createResponse.distributionTenant();
}
// snippet-end:[cloudfront.java2.createdistributiontenant.cfhosted]

// snippet-start:[cloudfront.java2.createdistributiontenant.selfhosted]
public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(true)
.name("self-hosted-tenant")
);

return createResponse.distributionTenant();
}
// snippet-end:[cloudfront.java2.createdistributiontenant.selfhosted]

// snippet-start:[cloudfront.java2.createdistributiontenant.closebrace]
}
// snippet-end:[cloudfront.java2.createdistributiontenant.closebrace]
Loading