awsdocs
diff --git a/‎.doc_gen/metadata/cloudfront_metadata.yaml
Lines changed: 50 additions & 0 deletions b/‎.doc_gen/metadata/cloudfront_metadata.yaml
Lines changed: 50 additions & 0 deletions
diff --git a/‎javav2/example_code/cloudfront/README.md
Lines changed: 14 additions & 1 deletion b/‎javav2/example_code/cloudfront/README.md
Lines changed: 14 additions & 1 deletion
diff --git a/‎javav2/example_code/cloudfront/pom.xml
Lines changed: 6 additions & 2 deletions b/‎javav2/example_code/cloudfront/pom.xml
Lines changed: 6 additions & 2 deletions
diff --git a/‎javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/CreateDistributionTenant.java
Lines changed: 182 additions & 0 deletions b/‎javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/CreateDistributionTenant.java
Lines changed: 182 additions & 0 deletions
@@ -80,6 +80,56 @@ cloudfront_CreateDistribution:
                 - cloudfront.java2.createdistribution.main
   services:
     cloudfront: {CreateDistribution}
+cloudfront_CreateSaasResources:
+  title: Create SaaS manager resources &AWS; SDK
+  title_abbrev: Create a multi-tenant distribution and distribution tenant
+  synopsis: create a multi-tenant distribution and distribution tenant with various configurations.
+  category: Scenarios
+  languages:
+    Java:
+      versions:
+        - sdk_version: 2
+          github: javav2/example_code/cloudfront
+          sdkguide:
+          excerpts:
+            - description: >-
+                The following example demonstrates how to create a multi-tenant distribution with parameters and wildcard certificate.
+              snippet_tags:
+                - cloudfront.java2.createmultitenantdistribution.import
+                - cloudfront.java2.createmultitenantdistribution.main
+            - description: >-
+                The following example demonstrates how to create a distribution tenant associated with that template, including utilizing the parameter we declared above.  Note that we don't need to add certificate info here because our domain is already covered by the parent template.
+              snippet_tags:
+                - cloudfront.java2.createdistributiontenant.import
+                - cloudfront.java2.createdistributiontenant.title
+                - cloudfront.java2.createdistributiontenant.nocert
+                - cloudfront.java2.createdistributiontenant.closebrace
+            - description: >-
+                If the viewer certificate was omitted from the parent template, you would need to add certificate info on the tenant(s) associated with it instead.
+                The following example demonstrates how to do so via an ACM certificate arn that covers the necessary domain for the tenant.
+              snippet_tags:
+                - cloudfront.java2.createdistributiontenant.import
+                - cloudfront.java2.createdistributiontenant.title
+                - cloudfront.java2.createdistributiontenant.withcert
+                - cloudfront.java2.createdistributiontenant.closebrace
+            - description: >-
+                The following example demonstrates how to do so with a CloudFront-hosted managed certificate request.  This is ideal if you don't already have traffic towards your domain.
+                In this case, we create a ConnectionGroup to generate a RoutingEndpoint.  Then we use that RoutingEndpoint to create DNS records which verify domain ownership and point to CloudFront. CloudFront will then automatically serve a token to validate domain ownership and create a managed certificate.
+              snippet_tags:
+                - cloudfront.java2.createdistributiontenant.import
+                - cloudfront.java2.createdistributiontenant.title
+                - cloudfront.java2.createdistributiontenant.cfhosted
+                - cloudfront.java2.createdistributiontenant.closebrace
+            - description: >-
+                The following example demonstrates how to do so with a self-hosted managed certificate request.  This is ideal if you have traffic towards your domain and can't tolerate downtime during a migration.
+                At the end of this example, the Tenant will be created in a state awaiting domain validation and DNS setup.  Follow steps [here](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership) to complete setup when you are ready to migrate traffic.
+              snippet_tags:
+                - cloudfront.java2.createdistributiontenant.import
+                - cloudfront.java2.createdistributiontenant.title
+                - cloudfront.java2.createdistributiontenant.selfhosted
+                - cloudfront.java2.createdistributiontenant.closebrace
+  services:
+    cloudfront: {CreateDistribution, CreateDistributionTenant}
 cloudfront_CreateKeyGroup:
   languages:
     Java:
 
@@ -45,6 +45,7 @@ Code excerpts that show you how to call individual service functions.
 Code examples that show you how to accomplish a specific task by calling multiple
 functions within the same service.
 
+- [Create a multi-tenant distribution and distribution tenant](src/main/java/com/example/cloudfront/CreateMultiTenantDistribution.java)
 - [Delete signing resources](src/main/java/com/example/cloudfront/DeleteSigningResources.java)
 - [Sign URLs and cookies](src/main/java/com/example/cloudfront/CreateCannedPolicyRequest.java)
 
@@ -62,6 +63,18 @@ functions within the same service.
 
 
 
+#### Create a multi-tenant distribution and distribution tenant
+
+This example shows you how to Create a multi-tenant distribution and distribution tenant with various configurations.
+
+
+<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.start-->
+<!--custom.scenario_prereqs.cloudfront_CreateSaasResources.end-->
+
+
+<!--custom.scenarios.cloudfront_CreateSaasResources.start-->
+<!--custom.scenarios.cloudfront_CreateSaasResources.end-->
+
 #### Delete signing resources
 
 This example shows you how to delete resources that are used to gain access to restricted content in an Amazon Simple Storage Service (Amazon S3) bucket.
@@ -112,4 +125,4 @@ in the `javav2` folder.
 
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
-SPDX-License-Identifier: Apache-2.0
+SPDX-License-Identifier: Apache-2.0
@@ -26,7 +26,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.5.2</version>
+                <version>3.5.3</version>
             </plugin>
         </plugins>
     </build>
@@ -35,7 +35,7 @@
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>bom</artifactId>
-                <version>2.31.8</version>
+                <version>2.31.78</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -67,6 +67,10 @@
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>s3control</artifactId>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>route53</artifactId>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>iam</artifactId>
 
@@ -0,0 +1,182 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package com.example.cloudfront;
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.import]
+
+import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
+import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
+import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
+import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
+import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
+import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
+import software.amazon.awssdk.services.route53.Route53Client;
+import software.amazon.awssdk.services.route53.model.RRType;
+
+import java.time.Instant;
+// snippet-end:[cloudfront.java2.createdistributiontenant.import]
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.title]
+public class CreateDistributionTenant {
+// snippet-end:[cloudfront.java2.createdistributiontenant.title]
+// snippet-start:[cloudfront.java2.createdistributiontenant.nocert]
+    public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
+                                                                    Route53Client route53Client,
+                                                                    String distributionId,
+                                                                    String domain,
+                                                                    String hostedZoneId) {
+        CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
+                .distributionId(distributionId)
+                .domains(b1 -> b1
+                        .domain(domain))
+                .parameters(b2 -> b2
+                        .name("tenantName")
+                        .value("myTenant"))
+                .enabled(false)
+                .name("no-cert-tenant")
+        );
+
+        final DistributionTenant distributionTenant = createResponse.distributionTenant();
+
+        // Then update the Route53 hosted zone to point your domain at the distribution tenant
+        // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
+        final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
+                .identifier(distributionTenant.connectionGroupId()));
+
+        route53Client.changeResourceRecordSets(builder -> builder
+                .hostedZoneId(hostedZoneId)
+                .changeBatch(b1 -> b1
+                        .comment("ChangeBatch comment")
+                        .changes(b2 -> b2
+                                .resourceRecordSet(b3 -> b3
+                                        .name(domain)
+                                        .type("CNAME")
+                                        .ttl(300L)
+                                        .resourceRecords(b4 -> b4
+                                                .value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
+                                .action("CREATE"))
+                ));
+        return distributionTenant;
+    }
+// snippet-end:[cloudfront.java2.createdistributiontenant.nocert]
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.withcert]
+    public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
+                                                                      Route53Client route53Client,
+                                                                      String distributionId,
+                                                                      String domain,
+                                                                      String hostedZoneId,
+                                                                      String certificateArn) {
+        CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
+                .distributionId(distributionId)
+                .domains(b1 -> b1
+                        .domain(domain))
+                .enabled(false)
+                .name("tenant-with-cert")
+                .parameters(b2 -> b2
+                        .name("tenantName")
+                        .value("myTenant"))
+                .customizations(b3 -> b3
+                        .certificate(b4 -> b4
+                                .arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request
+
+        );
+
+        final DistributionTenant distributionTenant = createResponse.distributionTenant();
+
+        // Then update the Route53 hosted zone to point your domain at the distribution tenant
+        // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
+        final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
+                .identifier(distributionTenant.connectionGroupId()));
+
+        route53Client.changeResourceRecordSets(builder -> builder
+                .hostedZoneId(hostedZoneId)
+                .changeBatch(b1 -> b1
+                        .comment("ChangeBatch comment")
+                        .changes(b2 -> b2
+                                .resourceRecordSet(b3 -> b3
+                                        .name(domain)
+                                        .type("CNAME")
+                                        .ttl(300L)
+                                        .resourceRecords(b4 -> b4
+                                                .value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
+                                .action("CREATE"))
+                ));
+        return distributionTenant;
+    }
+// snippet-end:[cloudfront.java2.createdistributiontenant.withcert]
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.cfhosted]
+    public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
+                                                                      Route53Client route53Client,
+                                                                      String distributionId,
+                                                                      String domain,
+                                                                      String hostedZoneId) throws InterruptedException {
+        CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
+                .ipv6Enabled(true)
+                .name("cf-hosted-connection-group")
+                .enabled(true));
+
+        route53Client.changeResourceRecordSets(builder -> builder
+                .hostedZoneId(hostedZoneId)
+                .changeBatch(b1 -> b1
+                        .comment("cf-hosted domain validation record")
+                        .changes(b2 -> b2
+                                .resourceRecordSet(b3 -> b3
+                                        .name(domain)
+                                        .type(RRType.CNAME)
+                                        .ttl(300L)
+                                        .resourceRecords(b4 -> b4
+                                                .value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
+                                .action("CREATE"))
+                ));
+
+        // Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
+        Thread.sleep(60000);
+
+        CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
+                .distributionId(distributionId)
+                .domains(b1 -> b1
+                        .domain(domain))
+                .connectionGroupId(createConnectionGroupResponse.connectionGroup().id())
+                .enabled(false)
+                .name("cf-hosted-tenant")
+                .parameters(b2 -> b2
+                        .name("tenantName")
+                        .value("myTenant"))
+                .managedCertificateRequest(b3 -> b3
+                        .validationTokenHost(ValidationTokenHost.CLOUDFRONT)
+                )
+        );
+
+        return createResponse.distributionTenant();
+    }
+// snippet-end:[cloudfront.java2.createdistributiontenant.cfhosted]
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.selfhosted]
+    public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
+                                                                        String distributionId,
+                                                                        String domain) {
+        CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
+                .distributionId(distributionId)
+                .domains(b1 -> b1
+                        .domain(domain))
+                .parameters(b2 -> b2
+                        .name("tenantName")
+                        .value("myTenant"))
+                .enabled(false)
+                .name("self-hosted-tenant")
+                .managedCertificateRequest(b3 -> b3
+                        .validationTokenHost(ValidationTokenHost.SELF_HOSTED)
+                        .primaryDomainName(domain)
+                )
+        );
+
+        return createResponse.distributionTenant();
+    }
+// snippet-end:[cloudfront.java2.createdistributiontenant.selfhosted]
+
+// snippet-start:[cloudfront.java2.createdistributiontenant.closebrace]
+}
+// snippet-end:[cloudfront.java2.createdistributiontenant.closebrace]