Last active
January 7, 2023 08:57
-
-
Save supinf/e66fd36f9228a8701706 to your computer and use it in GitHub Desktop.
AWS Lambda script:: CloudFront Invalidations which are triggered by s3 events.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
console.log('Loading event'); | |
var Q = require('q'); | |
var aws = require('aws-sdk'); | |
var cloudfront = new aws.CloudFront(); | |
exports.handler = function (event, context) { | |
//_log('Received event: ', event); | |
var bucket = event.Records[0].s3.bucket.name; | |
var key = event.Records[0].s3.object.key; | |
console.log('Bucket: '+bucket); | |
console.log('Key: '+key); | |
cloudfront.listDistributions({}, function (err, data) { | |
var promises = []; | |
if (err) { | |
_log('Error: ', err); | |
context.done('error', err); | |
return; | |
} | |
// Find a bucket which uses the backet as a origin. | |
data.Items.map(function (distribution) { | |
var deferred = Q.defer(); | |
var exists = false; | |
distribution.Origins.Items.map(function (origin) { | |
if (exists) return; | |
if (origin.DomainName.indexOf(bucket) === 0) { | |
exists = true; | |
var name = distribution.DomainName; | |
if (distribution.Aliases.Quantity > 0) { | |
name = distribution.Aliases.Items[0]; | |
} | |
console.log('Distribution: ' + distribution.Id + ' ('+ name + ')'); | |
// Parameters for a invalidation | |
var params = { | |
DistributionId : distribution.Id, | |
InvalidationBatch : { | |
CallerReference : '' + new Date().getTime(), | |
Paths : { | |
Quantity : 1, | |
Items : [ '/'+key ] | |
} | |
} | |
}; | |
_log('Params: ', params); | |
// Invalidate | |
cloudfront.createInvalidation(params, function (err, data) { | |
if (err) { | |
_log('Error: ', err); | |
deferred.reject(); | |
return; | |
} | |
_log('Success: ', data.InvalidationBatch); | |
deferred.resolve(); | |
}); | |
} | |
}); | |
if (! exists) deferred.resolve(); | |
promises.push(deferred.promise); | |
}); | |
Q.all(promises).then(function() { | |
context.done(null, ''); | |
}); | |
}); | |
function _log(caption, object) { | |
console.log(caption + JSON.stringify(object, true, ' ')); | |
} | |
}; |
Easiest way to do this is to create a folder with the name s3-invalidation
, call npm init
and npm install q aws-sdk --save
. Save the content of this Gist in index.js
and upload the whole as a zip to Lambda. On lambda change index.handler
to s3-invalidation.handler
thank you very much
And make sure the "role" you define has authority to read/list S3, and also make such changes to the Cloudfront. @timanrebel you are awesome.
Here is the IAM Policy that I am using to make this magic work if anyone else needs a quick-start.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"acm:ListCertificates",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:CreateInvalidation",
"cloudfront:GetInvalidation",
"cloudfront:ListInvalidations",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:ListServerCertificates",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"waf:GetWebACL",
"waf:ListWebACLs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
Thanks for the lambda! How do I get cloudwatch logs? I basically want to be sure the lambda is triggered each time there are objects added to the bucket by deploy?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, new to Lambda, do I create a project first with a package.json file etc and then upload it with the node modules? I am getting a q not found error when putting the code inline.
Thanks
Prem