com.amazonaws.services.cloudfront.model.ViewerCertificate Maven / Gradle / Ivy
Show all versions of aws-java-sdk-cloudfront Show documentation
/*
* Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.cloudfront.model;
import java.io.Serializable;
/**
*
* A complex type that specifies the following:
*
*
* -
*
* Which SSL/TLS certificate to use when viewers request objects using HTTPS
*
*
* -
*
* Whether you want CloudFront to use dedicated IP addresses or SNI when you're using alternate domain names in your
* object names
*
*
* -
*
* The minimum protocol version that you want CloudFront to use when communicating with viewers
*
*
*
*
* For more information, see Using an HTTPS
* Connection to Access Your Objects in the Amazon Amazon CloudFront Developer Guide.
*
*
* @see AWS API
* Documentation
*/
public class ViewerCertificate implements Serializable, Cloneable {
private Boolean cloudFrontDefaultCertificate;
private String iAMCertificateId;
private String aCMCertificateArn;
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*/
private String sSLSupportMethod;
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*/
private String minimumProtocolVersion;
/**
*
* Include one of these values to specify the following:
*
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you
* purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the
* IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to
* use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate
* authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM
* SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the
* ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for
* SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use
* only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the
* domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then
* CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the
* value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name
* and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of
* the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*
*/
@Deprecated
private String certificate;
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*/
@Deprecated
private String certificateSource;
/**
* @param cloudFrontDefaultCertificate
*/
public void setCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate) {
this.cloudFrontDefaultCertificate = cloudFrontDefaultCertificate;
}
/**
* @return
*/
public Boolean getCloudFrontDefaultCertificate() {
return this.cloudFrontDefaultCertificate;
}
/**
* @param cloudFrontDefaultCertificate
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ViewerCertificate withCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate) {
setCloudFrontDefaultCertificate(cloudFrontDefaultCertificate);
return this;
}
/**
* @return
*/
public Boolean isCloudFrontDefaultCertificate() {
return this.cloudFrontDefaultCertificate;
}
/**
* @param iAMCertificateId
*/
public void setIAMCertificateId(String iAMCertificateId) {
this.iAMCertificateId = iAMCertificateId;
}
/**
* @return
*/
public String getIAMCertificateId() {
return this.iAMCertificateId;
}
/**
* @param iAMCertificateId
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ViewerCertificate withIAMCertificateId(String iAMCertificateId) {
setIAMCertificateId(iAMCertificateId);
return this;
}
/**
* @param aCMCertificateArn
*/
public void setACMCertificateArn(String aCMCertificateArn) {
this.aCMCertificateArn = aCMCertificateArn;
}
/**
* @return
*/
public String getACMCertificateArn() {
return this.aCMCertificateArn;
}
/**
* @param aCMCertificateArn
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ViewerCertificate withACMCertificateArn(String aCMCertificateArn) {
setACMCertificateArn(aCMCertificateArn);
return this;
}
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @param sSLSupportMethod
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must
* also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or
* one that works for most clients:
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
* requests from any viewer. However, you must request permission to use this feature, and you incur
* additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name
* Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If
* some of your users' browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
* CloudFront domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
* @see SSLSupportMethod
*/
public void setSSLSupportMethod(String sSLSupportMethod) {
this.sSLSupportMethod = sSLSupportMethod;
}
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @return If you specify a value for ACMCertificateArn or for IAMCertificateId, you must
* also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients
* or one that works for most clients:
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
* requests from any viewer. However, you must request permission to use this feature, and you incur
* additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name
* Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If
* some of your users' browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
* CloudFront domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
* @see SSLSupportMethod
*/
public String getSSLSupportMethod() {
return this.sSLSupportMethod;
}
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @param sSLSupportMethod
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must
* also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or
* one that works for most clients:
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
* requests from any viewer. However, you must request permission to use this feature, and you incur
* additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name
* Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If
* some of your users' browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
* CloudFront domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
* @see SSLSupportMethod
*/
public ViewerCertificate withSSLSupportMethod(String sSLSupportMethod) {
setSSLSupportMethod(sSLSupportMethod);
return this;
}
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @param sSLSupportMethod
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must
* also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or
* one that works for most clients:
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
* requests from any viewer. However, you must request permission to use this feature, and you incur
* additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name
* Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If
* some of your users' browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
* CloudFront domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
* @see SSLSupportMethod
*/
public void setSSLSupportMethod(SSLSupportMethod sSLSupportMethod) {
this.sSLSupportMethod = sSLSupportMethod.toString();
}
/**
*
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also
* specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that
* works for most clients:
*
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from
* any viewer. However, you must request permission to use this feature, and you incur additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication
* (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users'
* browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront
* domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @param sSLSupportMethod
* If you specify a value for ACMCertificateArn or for IAMCertificateId, you must
* also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or
* one that works for most clients:
*
* -
*
* vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
* requests from any viewer. However, you must request permission to use this feature, and you incur
* additional monthly charges.
*
*
* -
*
* sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name
* Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If
* some of your users' browsers don't support SNI, we recommend that you do one of the following:
*
*
* -
*
* Use the vip option (dedicated IP addresses) instead of sni-only.
*
*
* -
*
* Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
* CloudFront domain name of your distribution in the URLs for your objects, for example,
* https://d111111abcdef8.cloudfront.net/logo.png.
*
*
* -
*
* If you can control which browser your users use, upgrade the browser to one that supports SNI.
*
*
* -
*
* Use HTTP instead of HTTPS.
*
*
*
*
*
*
* Do not specify a value for SSLSupportMethod if you specified
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
* @see SSLSupportMethod
*/
public ViewerCertificate withSSLSupportMethod(SSLSupportMethod sSLSupportMethod) {
setSSLSupportMethod(sSLSupportMethod);
return this;
}
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*
* @param minimumProtocolVersion
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections
* between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects
* only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1
* protocol is more secure, so we recommend that you specify SSLv3 only if your users are using
* browsers or devices that don't support TLSv1. Note the following:
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum
* SSL protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for
* MinimumProtocolVersion.
*
*
* @see MinimumProtocolVersion
*/
public void setMinimumProtocolVersion(String minimumProtocolVersion) {
this.minimumProtocolVersion = minimumProtocolVersion;
}
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*
* @return Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections
* between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects
* only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1
* protocol is more secure, so we recommend that you specify SSLv3 only if your users are using
* browsers or devices that don't support TLSv1. Note the following:
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum
* SSL protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for
* MinimumProtocolVersion.
*
*
* @see MinimumProtocolVersion
*/
public String getMinimumProtocolVersion() {
return this.minimumProtocolVersion;
}
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*
* @param minimumProtocolVersion
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections
* between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects
* only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1
* protocol is more secure, so we recommend that you specify SSLv3 only if your users are using
* browsers or devices that don't support TLSv1. Note the following:
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum
* SSL protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for
* MinimumProtocolVersion.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see MinimumProtocolVersion
*/
public ViewerCertificate withMinimumProtocolVersion(String minimumProtocolVersion) {
setMinimumProtocolVersion(minimumProtocolVersion);
return this;
}
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*
* @param minimumProtocolVersion
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections
* between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects
* only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1
* protocol is more secure, so we recommend that you specify SSLv3 only if your users are using
* browsers or devices that don't support TLSv1. Note the following:
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum
* SSL protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for
* MinimumProtocolVersion.
*
*
* @see MinimumProtocolVersion
*/
public void setMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion) {
this.minimumProtocolVersion = minimumProtocolVersion.toString();
}
/**
*
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between
* viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers
* that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure,
* so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't
* support TLSv1. Note the following:
*
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL
* protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
*
*
*
*
* @param minimumProtocolVersion
* Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections
* between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects
* only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1
* protocol is more secure, so we recommend that you specify SSLv3 only if your users are using
* browsers or devices that don't support TLSv1. Note the following:
*
* -
*
* If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum
* SSL protocol version is TLSv1 and can't be changed.
*
*
* -
*
* If you're using a custom certificate (if you specify a value for ACMCertificateArn or for
* IAMCertificateId) and if you're using SNI (if you specify sni-only for
* SSLSupportMethod), you must specify TLSv1 for
* MinimumProtocolVersion.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see MinimumProtocolVersion
*/
public ViewerCertificate withMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion) {
setMinimumProtocolVersion(minimumProtocolVersion);
return this;
}
/**
*
* Include one of these values to specify the following:
*
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you
* purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the
* IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to
* use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate
* authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM
* SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the
* ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for
* SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use
* only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the
* domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then
* CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the
* value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name
* and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of
* the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*
*
* @param certificate
* Include one of these values to specify the following:
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate,
* or you purchased a certificate from a third-party certificate authority and imported it into ACM or
* uploaded it to the IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you
* want to use based on whether you're using an alternate domain name for your objects or the CloudFront
* domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party
* certificate authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN
* for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this
* distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID
* is the ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a
* value for SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that
* you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If
* you use the domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI,
* then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience
* depends on the value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain
* name and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache
* behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying
* one of the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*/
@Deprecated
public void setCertificate(String certificate) {
this.certificate = certificate;
}
/**
*
* Include one of these values to specify the following:
*
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you
* purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the
* IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to
* use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate
* authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM
* SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the
* ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for
* SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use
* only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the
* domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then
* CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the
* value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name
* and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of
* the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*
*
* @return Include one of these values to specify the following:
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or
* the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate,
* or you purchased a certificate from a third-party certificate authority and imported it into ACM or
* uploaded it to the IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you
* want to use based on whether you're using an alternate domain name for your objects or the CloudFront
* domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following
* values, depending on whether ACM provided your certificate or you purchased your certificate from
* third-party certificate authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN
* for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this
* distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID
* is the ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a
* value for SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that
* you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If
* you use the domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI,
* then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience
* depends on the value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain
* name and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache
* behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying
* one of the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*/
@Deprecated
public String getCertificate() {
return this.certificate;
}
/**
*
* Include one of these values to specify the following:
*
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you
* purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the
* IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to
* use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate
* authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM
* SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the
* ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for
* SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use
* only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the
* domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then
* CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the
* value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name
* and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of
* the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
*
*
* @param certificate
* Include one of these values to specify the following:
*
* -
*
* Whether you want viewers to use HTTP or HTTPS to request your objects.
*
*
* -
*
* If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the
* CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
*
*
* -
*
* If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate,
* or you purchased a certificate from a third-party certificate authority and imported it into ACM or
* uploaded it to the IAM certificate store.
*
*
*
*
* You must specify one (and only one) of the three values. Do not specify false for
* CloudFrontDefaultCertificate.
*
*
* If you want viewers to use HTTP to request your objects: Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* In addition, specify allow-all for ViewerProtocolPolicy for all of your cache
* behaviors.
*
*
* If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you
* want to use based on whether you're using an alternate domain name for your objects or the CloudFront
* domain name:
*
*
* -
*
* If you're using an alternate domain name, such as example.com: Specify one of the following values,
* depending on whether ACM provided your certificate or you purchased your certificate from third-party
* certificate authority:
*
*
* -
*
* <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN
* for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this
* distribution.
*
*
* -
*
* <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID
* is the ID that IAM returned when you added the certificate to the IAM certificate store.
*
*
*
*
* If you specify ACMCertificateArn or IAMCertificateId, you must also specify a
* value for SSLSupportMethod.
*
*
* If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that
* you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If
* you use the domain name that is associated with your CloudFront distribution (
* https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI,
* then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience
* depends on the value that you choose for SSLSupportMethod:
*
*
* -
*
* vip: The viewer displays a warning because there is a mismatch between the CloudFront domain
* name and the domain name in your SSL/TLS certificate.
*
*
* -
*
* sni-only: CloudFront drops the connection with the browser without returning the object.
*
*
*
*
* -
*
* If you're using the CloudFront domain name for your distribution, such as
* d111111abcdef8.cloudfront.net : Specify the following value:
*
*
* <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
*
*
* If you want viewers to use HTTPS, you must also specify one of the following values in your cache
* behaviors:
*
*
* -
*
* <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
*
*
* -
*
* <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
*
*
*
*
* You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying
* one of the following values for the applicable origins:
*
*
* -
*
* <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
*
*
* -
*
* <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
*
*
*
*
* For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
@Deprecated
public ViewerCertificate withCertificate(String certificate) {
setCertificate(certificate);
return this;
}
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*
* @param certificateSource
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
* @see CertificateSource
*/
@Deprecated
public void setCertificateSource(String certificateSource) {
this.certificateSource = certificateSource;
}
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*
* @return
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
* @see CertificateSource
*/
@Deprecated
public String getCertificateSource() {
return this.certificateSource;
}
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*
* @param certificateSource
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see CertificateSource
*/
@Deprecated
public ViewerCertificate withCertificateSource(String certificateSource) {
setCertificateSource(certificateSource);
return this;
}
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*
* @param certificateSource
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
* @see CertificateSource
*/
@Deprecated
public void setCertificateSource(CertificateSource certificateSource) {
this.certificateSource = certificateSource.toString();
}
/**
*
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
*
*
* @param certificateSource
*
* This field is deprecated. You can use one of the following: [ACMCertificateArn,
* IAMCertificateId, or CloudFrontDefaultCertificate].
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see CertificateSource
*/
@Deprecated
public ViewerCertificate withCertificateSource(CertificateSource certificateSource) {
setCertificateSource(certificateSource);
return this;
}
/**
* Returns a string representation of this object; useful for testing and debugging.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getCloudFrontDefaultCertificate() != null)
sb.append("CloudFrontDefaultCertificate: ").append(getCloudFrontDefaultCertificate()).append(",");
if (getIAMCertificateId() != null)
sb.append("IAMCertificateId: ").append(getIAMCertificateId()).append(",");
if (getACMCertificateArn() != null)
sb.append("ACMCertificateArn: ").append(getACMCertificateArn()).append(",");
if (getSSLSupportMethod() != null)
sb.append("SSLSupportMethod: ").append(getSSLSupportMethod()).append(",");
if (getMinimumProtocolVersion() != null)
sb.append("MinimumProtocolVersion: ").append(getMinimumProtocolVersion()).append(",");
if (getCertificate() != null)
sb.append("Certificate: ").append(getCertificate()).append(",");
if (getCertificateSource() != null)
sb.append("CertificateSource: ").append(getCertificateSource());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof ViewerCertificate == false)
return false;
ViewerCertificate other = (ViewerCertificate) obj;
if (other.getCloudFrontDefaultCertificate() == null ^ this.getCloudFrontDefaultCertificate() == null)
return false;
if (other.getCloudFrontDefaultCertificate() != null && other.getCloudFrontDefaultCertificate().equals(this.getCloudFrontDefaultCertificate()) == false)
return false;
if (other.getIAMCertificateId() == null ^ this.getIAMCertificateId() == null)
return false;
if (other.getIAMCertificateId() != null && other.getIAMCertificateId().equals(this.getIAMCertificateId()) == false)
return false;
if (other.getACMCertificateArn() == null ^ this.getACMCertificateArn() == null)
return false;
if (other.getACMCertificateArn() != null && other.getACMCertificateArn().equals(this.getACMCertificateArn()) == false)
return false;
if (other.getSSLSupportMethod() == null ^ this.getSSLSupportMethod() == null)
return false;
if (other.getSSLSupportMethod() != null && other.getSSLSupportMethod().equals(this.getSSLSupportMethod()) == false)
return false;
if (other.getMinimumProtocolVersion() == null ^ this.getMinimumProtocolVersion() == null)
return false;
if (other.getMinimumProtocolVersion() != null && other.getMinimumProtocolVersion().equals(this.getMinimumProtocolVersion()) == false)
return false;
if (other.getCertificate() == null ^ this.getCertificate() == null)
return false;
if (other.getCertificate() != null && other.getCertificate().equals(this.getCertificate()) == false)
return false;
if (other.getCertificateSource() == null ^ this.getCertificateSource() == null)
return false;
if (other.getCertificateSource() != null && other.getCertificateSource().equals(this.getCertificateSource()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getCloudFrontDefaultCertificate() == null) ? 0 : getCloudFrontDefaultCertificate().hashCode());
hashCode = prime * hashCode + ((getIAMCertificateId() == null) ? 0 : getIAMCertificateId().hashCode());
hashCode = prime * hashCode + ((getACMCertificateArn() == null) ? 0 : getACMCertificateArn().hashCode());
hashCode = prime * hashCode + ((getSSLSupportMethod() == null) ? 0 : getSSLSupportMethod().hashCode());
hashCode = prime * hashCode + ((getMinimumProtocolVersion() == null) ? 0 : getMinimumProtocolVersion().hashCode());
hashCode = prime * hashCode + ((getCertificate() == null) ? 0 : getCertificate().hashCode());
hashCode = prime * hashCode + ((getCertificateSource() == null) ? 0 : getCertificateSource().hashCode());
return hashCode;
}
@Override
public ViewerCertificate clone() {
try {
return (ViewerCertificate) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
}