Skip to content

Instantly share code, notes, and snippets.

@supinf
Last active January 7, 2023 08:57
Show Gist options
  • Save supinf/e66fd36f9228a8701706 to your computer and use it in GitHub Desktop.
Save supinf/e66fd36f9228a8701706 to your computer and use it in GitHub Desktop.
AWS Lambda script:: CloudFront Invalidations which are triggered by s3 events.
console.log('Loading event');
var Q = require('q');
var aws = require('aws-sdk');
var cloudfront = new aws.CloudFront();
exports.handler = function (event, context) {
//_log('Received event: ', event);
var bucket = event.Records[0].s3.bucket.name;
var key = event.Records[0].s3.object.key;
console.log('Bucket: '+bucket);
console.log('Key: '+key);
cloudfront.listDistributions({}, function (err, data) {
var promises = [];
if (err) {
_log('Error: ', err);
context.done('error', err);
return;
}
// Find a bucket which uses the backet as a origin.
data.Items.map(function (distribution) {
var deferred = Q.defer();
var exists = false;
distribution.Origins.Items.map(function (origin) {
if (exists) return;
if (origin.DomainName.indexOf(bucket) === 0) {
exists = true;
var name = distribution.DomainName;
if (distribution.Aliases.Quantity > 0) {
name = distribution.Aliases.Items[0];
}
console.log('Distribution: ' + distribution.Id + ' ('+ name + ')');
// Parameters for a invalidation
var params = {
DistributionId : distribution.Id,
InvalidationBatch : {
CallerReference : '' + new Date().getTime(),
Paths : {
Quantity : 1,
Items : [ '/'+key ]
}
}
};
_log('Params: ', params);
// Invalidate
cloudfront.createInvalidation(params, function (err, data) {
if (err) {
_log('Error: ', err);
deferred.reject();
return;
}
_log('Success: ', data.InvalidationBatch);
deferred.resolve();
});
}
});
if (! exists) deferred.resolve();
promises.push(deferred.promise);
});
Q.all(promises).then(function() {
context.done(null, '');
});
});
function _log(caption, object) {
console.log(caption + JSON.stringify(object, true, ' '));
}
};
@godsmustbcrazy
Copy link

Hello, new to Lambda, do I create a project first with a package.json file etc and then upload it with the node modules? I am getting a q not found error when putting the code inline.

Thanks
Prem

@timanrebel
Copy link

Easiest way to do this is to create a folder with the name s3-invalidation, call npm init and npm install q aws-sdk --save. Save the content of this Gist in index.js and upload the whole as a zip to Lambda. On lambda change index.handler to s3-invalidation.handler

@godsmustbcrazy
Copy link

thank you very much

@jeffkee
Copy link

jeffkee commented Jul 10, 2017

And make sure the "role" you define has authority to read/list S3, and also make such changes to the Cloudfront. @timanrebel you are awesome.

@IceManNCSU
Copy link

IceManNCSU commented Sep 8, 2017

Here is the IAM Policy that I am using to make this magic work if anyone else needs a quick-start.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "acm:ListCertificates",
                "cloudfront:GetDistribution",
                "cloudfront:GetDistributionConfig",
                "cloudfront:ListDistributions",
                "cloudfront:ListCloudFrontOriginAccessIdentities",
                "cloudfront:CreateInvalidation",
                "cloudfront:GetInvalidation",
                "cloudfront:ListInvalidations",
                "elasticloadbalancing:DescribeLoadBalancers",
                "iam:ListServerCertificates",
                "sns:ListSubscriptionsByTopic",
                "sns:ListTopics",
                "waf:GetWebACL",
                "waf:ListWebACLs"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

@ruvan83
Copy link

ruvan83 commented Feb 21, 2019

Thanks for the lambda! How do I get cloudwatch logs? I basically want to be sure the lambda is triggered each time there are objects added to the bucket by deploy?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment