fincham/cloudfront.sh

## cloudfront.sh
#!/bin/bash

# update the apache ACLs for cloudfront IPs

new=$(while read -r i; do printf "Require ip %s\\n" "$i"; done < <(curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service=="CLOUDFRONT") | .ip_prefix'))

if [ "$(sha256sum - <<< "$new" | sed -e 's/ .*//')" != "$(sha256sum /etc/apache2/require-cloudfront-ip.conf | sed -e 's/ .*//')" ]; then
	> /etc/apache2/require-cloudfront-ip.conf
	while read -r line; do
		if [[ "$line" =~ ^Require\ ip\ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
			printf "%s\\n" "$line" >> /etc/apache2/require-cloudfront-ip.conf
		fi
	done <<< "$new"
	service apache2 restart
fi
	#!/bin/bash

	# update the apache ACLs for cloudfront IPs

	new=$(while read -r i; do printf "Require ip %s\\n" "$i"; done < <(curl -s https://ip-ranges.amazonaws.com/ip-ranges.json \| jq -r '.prefixes[] \| select(.service=="CLOUDFRONT") \| .ip_prefix'))

	if [ "$(sha256sum - <<< "$new" \| sed -e 's/ .//')" != "$(sha256sum /etc/apache2/require-cloudfront-ip.conf \| sed -e 's/ .//')" ]; then
	> /etc/apache2/require-cloudfront-ip.conf
	while read -r line; do
	if [[ "$line" =~ ^Require\ ip\ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
	printf "%s\\n" "$line" >> /etc/apache2/require-cloudfront-ip.conf
	fi
	done <<< "$new"
	service apache2 restart
	fi