Last active
January 7, 2023 08:57
-
-
Save supinf/e66fd36f9228a8701706 to your computer and use it in GitHub Desktop.
AWS Lambda script:: CloudFront Invalidations which are triggered by s3 events.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log('Loading event'); | |
| var Q = require('q'); | |
| var aws = require('aws-sdk'); | |
| var cloudfront = new aws.CloudFront(); | |
| exports.handler = function (event, context) { | |
| //_log('Received event: ', event); | |
| var bucket = event.Records[0].s3.bucket.name; | |
| var key = event.Records[0].s3.object.key; | |
| console.log('Bucket: '+bucket); | |
| console.log('Key: '+key); | |
| cloudfront.listDistributions({}, function (err, data) { | |
| var promises = []; | |
| if (err) { | |
| _log('Error: ', err); | |
| context.done('error', err); | |
| return; | |
| } | |
| // Find a bucket which uses the backet as a origin. | |
| data.Items.map(function (distribution) { | |
| var deferred = Q.defer(); | |
| var exists = false; | |
| distribution.Origins.Items.map(function (origin) { | |
| if (exists) return; | |
| if (origin.DomainName.indexOf(bucket) === 0) { | |
| exists = true; | |
| var name = distribution.DomainName; | |
| if (distribution.Aliases.Quantity > 0) { | |
| name = distribution.Aliases.Items[0]; | |
| } | |
| console.log('Distribution: ' + distribution.Id + ' ('+ name + ')'); | |
| // Parameters for a invalidation | |
| var params = { | |
| DistributionId : distribution.Id, | |
| InvalidationBatch : { | |
| CallerReference : '' + new Date().getTime(), | |
| Paths : { | |
| Quantity : 1, | |
| Items : [ '/'+key ] | |
| } | |
| } | |
| }; | |
| _log('Params: ', params); | |
| // Invalidate | |
| cloudfront.createInvalidation(params, function (err, data) { | |
| if (err) { | |
| _log('Error: ', err); | |
| deferred.reject(); | |
| return; | |
| } | |
| _log('Success: ', data.InvalidationBatch); | |
| deferred.resolve(); | |
| }); | |
| } | |
| }); | |
| if (! exists) deferred.resolve(); | |
| promises.push(deferred.promise); | |
| }); | |
| Q.all(promises).then(function() { | |
| context.done(null, ''); | |
| }); | |
| }); | |
| function _log(caption, object) { | |
| console.log(caption + JSON.stringify(object, true, ' ')); | |
| } | |
| }; |
And make sure the "role" you define has authority to read/list S3, and also make such changes to the Cloudfront. @timanrebel you are awesome.
Here is the IAM Policy that I am using to make this magic work if anyone else needs a quick-start.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"acm:ListCertificates",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:CreateInvalidation",
"cloudfront:GetInvalidation",
"cloudfront:ListInvalidations",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:ListServerCertificates",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"waf:GetWebACL",
"waf:ListWebACLs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
Thanks for the lambda! How do I get cloudwatch logs? I basically want to be sure the lambda is triggered each time there are objects added to the bucket by deploy?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thank you very much