Add support for SHA 256 signed urls to CannedSignerRequest / CloudFrontUtilities

[dafriz]

Describe the feature

Current implementation is hard coded to SHA 1 but CloudFront supports 256 now.

https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-cloudfront-sha-256-signed-urls/

Use Case

Would like to easily opt in to using SHA 256 for CloudFront signed urls.

Proposed Solution

An extra method in CannedSignerRequest.Builder and update CloudFrontUtilities.getSignedUrlWithCannedPolicy to use it

Other Information

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-canned-policy.html

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

AWS Java SDK version used

2.31.78

JDK version used

25.0.2

Operating System and version

Linux

[bhoradc]

Hi @dafriz

Thank you for filing this feature request. We have a similar request in #6841 and would like to track this in a single place, so marking this as a duplicate. Please follow the other issue for further updates.

I would request you to give a 👍 on the other issue description to show interest in the feature request, it helps us prioritize.

Regards,
Chaitanya