software.amazon.awssdk.services.cloudfront.model

Class ViewerCertificate

java.lang.Object

software.amazon.awssdk.services.cloudfront.model.ViewerCertificate

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<ViewerCertificate.Builder,ViewerCertificate>

@Generated(value="software.amazon.awssdk:codegen")
public final class ViewerCertificate
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<ViewerCertificate.Builder,ViewerCertificate>

A complex type that specifies the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

Specify only one of the following values:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	ViewerCertificate.Builder

Method Summary

Modifier and Type	Method and Description
String	acmCertificateArn() If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use.
static ViewerCertificate.Builder	builder()
String	certificate() This field is no longer used.
CertificateSource	certificateSource() This field is no longer used.
String	certificateSourceAsString() This field is no longer used.
Boolean	cloudFrontDefaultCertificate() If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net, specify the following value:
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
int	hashCode()
String	iamCertificateId() If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use.
MinimumProtocolVersion	minimumProtocolVersion() Specify the security policy that you want CloudFront to use for HTTPS connections.
String	minimumProtocolVersionAsString() Specify the security policy that you want CloudFront to use for HTTPS connections.
List<SdkField<?>>	sdkFields()
static Class<? extends ViewerCertificate.Builder>	serializableBuilderClass()
SSLSupportMethod	sslSupportMethod() If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.
String	sslSupportMethodAsString() If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.
ViewerCertificate.Builder	toBuilder()
String	toString() Returns a string representation of this object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

cloudFrontDefaultCertificate

public Boolean cloudFrontDefaultCertificate()

If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net, specify the following value:

• <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

Returns:

If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net, specify the following value:

• <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

iamCertificateId

public String iamCertificateId()

If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if you purchased your certificate from a third-party certificate authority:

• <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

If you specify IAMCertificateId, you must also specify a value for SSLSupportMethod.

Returns:

If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if you purchased your certificate from a third-party certificate authority:

• <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

If you specify IAMCertificateId, you must also specify a value for SSLSupportMethod.

acmCertificateArn

public String acmCertificateArn()

If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if ACM provided your certificate:

• <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

If you specify ACMCertificateArn, you must also specify a value for SSLSupportMethod.

Returns:

If you want viewers to use HTTPS to request your objects and you're using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if ACM provided your certificate:

• <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

If you specify ACMCertificateArn, you must also specify a value for SSLSupportMethod.

sslSupportMethod

public SSLSupportMethod sslSupportMethod()

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but there are a few that don't. For a current list of the browsers that support SNI, see the Wikipedia entry Server Name Indication. To learn about options to explore if you have users with browsers that don't include SNI support, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, there are additional monthly charges. For details, including specific pricing information, see Custom SSL options for Amazon CloudFront on the AWS marketing site.

Don't specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

If the service returns an enum value that is not available in the current SDK version, sslSupportMethod will return SSLSupportMethod.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from sslSupportMethodAsString().

Returns:

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but there are a few that don't. For a current list of the browsers that support SNI, see the Wikipedia entry Server Name Indication. To learn about options to explore if you have users with browsers that don't include SNI support, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, there are additional monthly charges. For details, including specific pricing information, see Custom SSL options for Amazon CloudFront on the AWS marketing site.

Don't specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

See Also:

SSLSupportMethod

sslSupportMethodAsString

public String sslSupportMethodAsString()

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but there are a few that don't. For a current list of the browsers that support SNI, see the Wikipedia entry Server Name Indication. To learn about options to explore if you have users with browsers that don't include SNI support, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, there are additional monthly charges. For details, including specific pricing information, see Custom SSL options for Amazon CloudFront on the AWS marketing site.

Don't specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

If the service returns an enum value that is not available in the current SDK version, sslSupportMethod will return SSLSupportMethod.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from sslSupportMethodAsString().

Returns:

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but there are a few that don't. For a current list of the browsers that support SNI, see the Wikipedia entry Server Name Indication. To learn about options to explore if you have users with browsers that don't include SNI support, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, there are additional monthly charges. For details, including specific pricing information, see Custom SSL options for Amazon CloudFront on the AWS marketing site.

Don't specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Choosing How CloudFront Serves HTTPS Requests in the Amazon CloudFront Developer Guide.

See Also:

SSLSupportMethod

minimumProtocolVersion

public MinimumProtocolVersion minimumProtocolVersion()

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

• The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

• The cipher that CloudFront uses to encrypt the content that it returns to viewers

On the CloudFront console, this setting is called Security policy.

We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

• You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId

• You're using SNI: you specified sni-only for SSLSupportMethod

If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

If the service returns an enum value that is not available in the current SDK version, minimumProtocolVersion will return MinimumProtocolVersion.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from minimumProtocolVersionAsString().

Returns:

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

• The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

• The cipher that CloudFront uses to encrypt the content that it returns to viewers

On the CloudFront console, this setting is called Security policy.

We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

• You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId

• You're using SNI: you specified sni-only for SSLSupportMethod

If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

See Also:

MinimumProtocolVersion

minimumProtocolVersionAsString

public String minimumProtocolVersionAsString()

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

• The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

• The cipher that CloudFront uses to encrypt the content that it returns to viewers

On the CloudFront console, this setting is called Security policy.

We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

• You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId

• You're using SNI: you specified sni-only for SSLSupportMethod

If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

If the service returns an enum value that is not available in the current SDK version, minimumProtocolVersion will return MinimumProtocolVersion.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from minimumProtocolVersionAsString().

Returns:

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

• The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

• The cipher that CloudFront uses to encrypt the content that it returns to viewers

On the CloudFront console, this setting is called Security policy.

We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

• You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId

• You're using SNI: you specified sni-only for SSLSupportMethod

If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

See Also:

MinimumProtocolVersion

certificate

public String certificate()

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

Returns:

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

certificateSource

public CertificateSource certificateSource()

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

If the service returns an enum value that is not available in the current SDK version, certificateSource will return CertificateSource.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from certificateSourceAsString().

Returns:

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

See Also:

CertificateSource

certificateSourceAsString

public String certificateSourceAsString()

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

If the service returns an enum value that is not available in the current SDK version, certificateSource will return CertificateSource.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from certificateSourceAsString().

Returns:

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn

• IAMCertificateId

• CloudFrontDefaultCertificate

See Also:

CertificateSource

toBuilder

public ViewerCertificate.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<ViewerCertificate.Builder,ViewerCertificate>

builder

public static ViewerCertificate.Builder builder()

serializableBuilderClass

public static Class<? extends ViewerCertificate.Builder> serializableBuilderClass()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public <T> Optional<T> getValueForField(String fieldName,
                                        Class<T> clazz)

sdkFields

public List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo