Skip to content

Instantly share code, notes, and snippets.

@nzoschke

nzoschke/Edge CLI.md

Last active June 19, 2019 15:56
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nzoschke/8e0e3c89b92ef9a055a277fd65c8ee9f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nzoschke/8e0e3c89b92ef9a055a277fd65c8ee9f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Edge CLI.md

Edge CloudFront CLI

Configure and activate an AWS CLI Profile

Configure a new edge profile with your addon AWS credentials:

$ heroku config --app edgeapp
EDGE_AWS_ACCESS_KEY_ID:     AKIA...
EDGE_AWS_SECRET_ACCESS_KEY: JRHH...
EDGE_DISTRIBUTION_ID:       EJM2O0DPZ8B2Y
EDGE_URL:                   https://d1unsc88mkka3m.cloudfront.net

$ aws configure --profile edge
AWS Access Key ID [None]: AKIA...
AWS Secret Access Key [None]: JRHH...
Default region name [None]: us-east-1
Default output format [None]: json

Activate the profile:

$ export AWS_DEFAULT_PROFILE=edge

Use the CLI to inspect your distribution

Test the CLI. You can get your configuration:

$ export AWS_DEFAULT_PROFILE=edge
$ export DISTRIBUTION_ID=EJM2O0DPZ8B2Y

$ aws cloudfront get-distribution --id $DISTRIBUTION_ID
{
    "ETag": "E1H92KNENJ9W16",
    "Distribution": {
        "Id": "EJM2O0DPZ8B2Y",
        ...
    }
}

But you can not update it:

$ aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths '/*'
An error occurred (AccessDenied) when calling the CreateInvalidation operation: User is not authorized to perform: cloudfront:CreateInvalidation

Install AWS CLI plugin with pip

Install the AWS CLI Execute API plugin. The plugin lets you send all CloudFront Update API requests to an endpoint scoped to your Heroku addon.

If you installed awscli with Homebrew, use its bundled Python:

$ /usr/local/opt/awscli/libexec/bin/pip install --upgrade awscli-plugin-execute-api

If you installed awscli with pip, use your system Python:

$ pip install --upgrade awscli-plugin-execute-api

Configure the plugin

$ export AWS_DEFAULT_PROFILE=edge
$ aws configure set plugins.execute-api awscli_plugin_execute_api
$ aws configure set cloudfront.update-distribution https://api.edge.mixable.net/cloudfront
$ aws configure set cloudfront.create-invalidation https://api.edge.mixable.net/cloudfront

You can verify its config in ~/.aws/config:

[profile edge]
region = us-east-1
output = json
cloudfront =
    update-distribution = https://api.edge.mixable.net/cloudfront
    create-invalidation = https://api.edge.mixable.net/cloudfront
[plugins]
execute-api = awscli_plugin_execute_api

Use the CLI to update your distribution

Command to create an invalidation:

$ aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths '/*'

Example response:

{
    "Location": "https://cloudfront.amazonaws.com/2018-11-05/distribution/EQ0A1ULE1WVTI/invalidation/ILN6EOUA0GR8R",
    "Invalidation": {
        "Id": "ILN6EOUA0GR8R",
        "Status": "InProgress",
        "CreateTime": "2019-06-19T15:45:39Z",
        "InvalidationBatch": {
            "Paths": {
                "Quantity": 1,
                "Items": [
                    "/*"
                ]
            },
            "CallerReference": "cli-1560959138-179155"
        }
    }
}

Command to get config:

$ aws cloudfront get-distribution-config --id $DISTRIBUTION_ID --query 'DistributionConfig' > config.json

Now update config.json to add behaviors, etc.

Command to update config:

$ ETAG=$(aws cloudfront get-distribution --id $DISTRIBUTION_ID --output text --query 'ETag')
$ aws cloudfront update-distribution --id $DISTRIBUTION_ID --if-match $ETAG --distribution-config file://config.json

Example output:

{
    "ETag": "E2ZJ47QDF7LPIS",
    "Distribution": {
        "Id": "EQ0A1ULE1WVTI",
        "ARN": "arn:aws:cloudfront::615670401552:distribution/EQ0A1ULE1WVTI",
        "Status": "InProgress",
        ...
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment