Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
AWS Lambda script:: CloudFront Invalidations which are triggered by s3 events.
console.log('Loading event');
var Q = require('q');
var aws = require('aws-sdk');
var cloudfront = new aws.CloudFront();
exports.handler = function (event, context) {
//_log('Received event: ', event);
var bucket = event.Records[0].s3.bucket.name;
var key = event.Records[0].s3.object.key;
console.log('Bucket: '+bucket);
console.log('Key: '+key);
cloudfront.listDistributions({}, function (err, data) {
var promises = [];
if (err) {
_log('Error: ', err);
context.done('error', err);
return;
}
// Find a bucket which uses the backet as a origin.
data.Items.map(function (distribution) {
var deferred = Q.defer();
var exists = false;
distribution.Origins.Items.map(function (origin) {
if (exists) return;
if (origin.DomainName.indexOf(bucket) === 0) {
exists = true;
var name = distribution.DomainName;
if (distribution.Aliases.Quantity > 0) {
name = distribution.Aliases.Items[0];
}
console.log('Distribution: ' + distribution.Id + ' ('+ name + ')');
// Parameters for a invalidation
var params = {
DistributionId : distribution.Id,
InvalidationBatch : {
CallerReference : '' + new Date().getTime(),
Paths : {
Quantity : 1,
Items : [ '/'+key ]
}
}
};
_log('Params: ', params);
// Invalidate
cloudfront.createInvalidation(params, function (err, data) {
if (err) {
_log('Error: ', err);
deferred.reject();
return;
}
_log('Success: ', data.InvalidationBatch);
deferred.resolve();
});
}
});
if (! exists) deferred.resolve();
promises.push(deferred.promise);
});
Q.all(promises).then(function() {
context.done(null, '');
});
});
function _log(caption, object) {
console.log(caption + JSON.stringify(object, true, ' '));
}
};
@godsmustbcrazy

This comment has been minimized.

Copy link

godsmustbcrazy commented Apr 19, 2016

Hello, new to Lambda, do I create a project first with a package.json file etc and then upload it with the node modules? I am getting a q not found error when putting the code inline.

Thanks
Prem

@timanrebel

This comment has been minimized.

Copy link

timanrebel commented Apr 19, 2016

Easiest way to do this is to create a folder with the name s3-invalidation, call npm init and npm install q aws-sdk --save. Save the content of this Gist in index.js and upload the whole as a zip to Lambda. On lambda change index.handler to s3-invalidation.handler

@godsmustbcrazy

This comment has been minimized.

Copy link

godsmustbcrazy commented Apr 19, 2016

thank you very much

@jeffkee

This comment has been minimized.

Copy link

jeffkee commented Jul 10, 2017

And make sure the "role" you define has authority to read/list S3, and also make such changes to the Cloudfront. @timanrebel you are awesome.

@IceManNCSU

This comment has been minimized.

Copy link

IceManNCSU commented Sep 8, 2017

Here is the IAM Policy that I am using to make this magic work if anyone else needs a quick-start.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "acm:ListCertificates",
                "cloudfront:GetDistribution",
                "cloudfront:GetDistributionConfig",
                "cloudfront:ListDistributions",
                "cloudfront:ListCloudFrontOriginAccessIdentities",
                "cloudfront:CreateInvalidation",
                "cloudfront:GetInvalidation",
                "cloudfront:ListInvalidations",
                "elasticloadbalancing:DescribeLoadBalancers",
                "iam:ListServerCertificates",
                "sns:ListSubscriptionsByTopic",
                "sns:ListTopics",
                "waf:GetWebACL",
                "waf:ListWebACLs"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
@ruvan83

This comment has been minimized.

Copy link

ruvan83 commented Feb 21, 2019

Thanks for the lambda! How do I get cloudwatch logs? I basically want to be sure the lambda is triggered each time there are objects added to the bucket by deploy?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.