Configure a new edge
profile with your addon AWS credentials:
$ heroku config --app edgeapp
EDGE_AWS_ACCESS_KEY_ID: AKIA...
EDGE_AWS_SECRET_ACCESS_KEY: JRHH...
EDGE_DISTRIBUTION_ID: EJM2O0DPZ8B2Y
EDGE_URL: https://d1unsc88mkka3m.cloudfront.net
$ aws configure --profile edge
AWS Access Key ID [None]: AKIA...
AWS Secret Access Key [None]: JRHH...
Default region name [None]: us-east-1
Default output format [None]: json
Activate the profile:
$ export AWS_DEFAULT_PROFILE=edge
Test the CLI. You can get your configuration:
$ export AWS_DEFAULT_PROFILE=edge
$ export DISTRIBUTION_ID=EJM2O0DPZ8B2Y
$ aws cloudfront get-distribution --id $DISTRIBUTION_ID
{
"ETag": "E1H92KNENJ9W16",
"Distribution": {
"Id": "EJM2O0DPZ8B2Y",
...
}
}
But you can not update it:
$ aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths '/*'
An error occurred (AccessDenied) when calling the CreateInvalidation operation: User is not authorized to perform: cloudfront:CreateInvalidation
Install the AWS CLI Execute API plugin. The plugin lets you send all CloudFront Update API requests to an endpoint scoped to your Heroku addon.
If you installed awscli
with Homebrew, use its bundled Python:
$ /usr/local/opt/awscli/libexec/bin/pip install --upgrade awscli-plugin-execute-api
If you installed awscli
with pip
, use your system Python:
$ pip install --upgrade awscli-plugin-execute-api
$ export AWS_DEFAULT_PROFILE=edge
$ aws configure set plugins.execute-api awscli_plugin_execute_api
$ aws configure set cloudfront.update-distribution https://api.edge.mixable.net/cloudfront
$ aws configure set cloudfront.create-invalidation https://api.edge.mixable.net/cloudfront
You can verify its config in ~/.aws/config
:
[profile edge]
region = us-east-1
output = json
cloudfront =
update-distribution = https://api.edge.mixable.net/cloudfront
create-invalidation = https://api.edge.mixable.net/cloudfront
[plugins]
execute-api = awscli_plugin_execute_api
Command to create an invalidation:
$ aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths '/*'
Example response:
{
"Location": "https://cloudfront.amazonaws.com/2018-11-05/distribution/EQ0A1ULE1WVTI/invalidation/ILN6EOUA0GR8R",
"Invalidation": {
"Id": "ILN6EOUA0GR8R",
"Status": "InProgress",
"CreateTime": "2019-06-19T15:45:39Z",
"InvalidationBatch": {
"Paths": {
"Quantity": 1,
"Items": [
"/*"
]
},
"CallerReference": "cli-1560959138-179155"
}
}
}
Command to get config:
$ aws cloudfront get-distribution-config --id $DISTRIBUTION_ID --query 'DistributionConfig' > config.json
Now update config.json to add behaviors, etc.
Command to update config:
$ ETAG=$(aws cloudfront get-distribution --id $DISTRIBUTION_ID --output text --query 'ETag')
$ aws cloudfront update-distribution --id $DISTRIBUTION_ID --if-match $ETAG --distribution-config file://config.json
Example output:
{
"ETag": "E2ZJ47QDF7LPIS",
"Distribution": {
"Id": "EQ0A1ULE1WVTI",
"ARN": "arn:aws:cloudfront::615670401552:distribution/EQ0A1ULE1WVTI",
"Status": "InProgress",
...
}
}