AWS CLI & CloudFront: Complete Guide with examples

Introduction

AWS CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your users with low latency and high transfer speeds, globally. CloudFront is integrated with other AWS services, such as Amazon S3, Amazon EC2, and Elastic Load Balancing.

In this article, we will look at how to use the AWS CLI to perform common CloudFront operations.

Table of contents

• Introduction
  • Prerequisites
• How to create a distribution?
• How to list all distributions?
• How to retrieve a distribution?
• How to update an existing distribution?
• How to create an invalidation?
• How to check status of invalidation?

Prerequisites

• AWS CLI
• AWS Credentials: If you haven’t setup your AWS credentials before, this resource from AWS is helpful.

How to create a distribution?

To use CloudFront, we need to create a distribution. A distribution is a collection of settings that tell CloudFront how to handle requests for your content. We will be using the create-distribution subcommand to create a new distribution.

First, we will create a distribution config file distribution.json:

{
    "CallerReference": "cf-cli-distribution",
    "Comment": "LearnAWS Cloudfront Distribution",
    "Origins": {
        "Quantity": 1,
        "Items": [{
            "Id": "learnaws-test-versioning-s3",
            "DomainName": "learnaws-test-versioning-s3.s3.amazonaws.com",
            "S3OriginConfig": {
                "OriginAccessIdentity": ""
            }
        }]
    },
    "DefaultCacheBehavior": {
        "TargetOriginId": "learnaws-test-versioning-s3",
        "ViewerProtocolPolicy": "redirect-to-https",
        "TrustedSigners": {
            "Quantity": 0,
            "Enabled": false
        },
        "ForwardedValues": {
            "Cookies": {"Forward": "all"},
            "Headers": {"Quantity": 0},
            "QueryString": false,
            "QueryStringCacheKeys": {"Quantity": 0}
        },
        "DefaultTTL": 86400,
        "MinTTL": 3600
    },
    "Enabled": true
}

In this particular example, we have created a CloudFront distribution for a S3 bucket as the origin. To learn more about the various parameters that can be used to create a distribution, refer to the AWS documentation.

Now, we can use the create-distribution subcommand to create a new distribution:

aws cloudfront create-distribution --distribution-config file://distribution.json

Output:

{
    "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/EITFAHA9HH050",
    "ETag": "E2PSNL365BW6T9",
    "Distribution": {
        "Id": "EITFAHA9HH050",
        "ARN": "arn:aws:cloudfront::641879703613:distribution/EITFAHA9HH050",
        "Status": "InProgress",
        "LastModifiedTime": "2023-02-02T18:14:05.260000+00:00",
        "InProgressInvalidationBatches": 0,
        "DomainName": "d1dq8kyq2l1abs.cloudfront.net",
        "ActiveTrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "ActiveTrustedKeyGroups": {
            "Enabled": false,
            "Quantity": 0
        },

….

}

How to list all distributions?

We can use the list-distributions subcommand to list all the distributions in your AWS account.

aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].[Id,Origins.Items[0].DomainName]'

In this example, we are using the --output table and --query options to format the output in a table format.

Output

-------------------------------------------------------------------------------------------
|                                    ListDistributions                                    |
+----------------+------------------------------------------------------------------------+
|  E27D2Q31KB75SU|  learnaws-test-versioning-s3.s3.amazonaws.com                          |
|  EITFAHA9HH050 |  learnaws-test-versioning-s3.s3.amazonaws.com                          |
+----------------+------------------------------------------------------------------------+

How to retrieve a distribution?

We can use the get-distribution subcommand to retrieve a distribution. The arguments needed for this command are:

• id: ID of the distribution to retrieve.

aws cloudfront get-distribution --id EITFAHA9HH050

Output

{
    "ETag": "EOUB6C2UPPAYS",
    "Distribution": {
        "Id": "E27D2Q31KB75SU",
        "ARN": "arn:aws:cloudfront::641879703613:distribution/E27D2Q31KB75SU",
        "Status": "Deployed",
        "LastModifiedTime": "2023-01-31T18:07:56.551000+00:00",
        "InProgressInvalidationBatches": 0,
        "DomainName": "d1gresq66dmpuj.cloudfront.net",
        "ActiveTrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "ActiveTrustedKeyGroups": {
            "Enabled": false,
            "Quantity": 0
        },
    ...
}

How to update an existing distribution?

We can use the update-distribution subcommand to update an existing distribution. The arguments needed for this command are:

• id: ID of the distribution to update.
• distribution-config: A JSON file that contains the distribution configuration.
• if-match: The value of the ETag header that you received when retrieving the distribution’s configuration.

aws cloudfront update-distribution --id EITFAHA9HH050 --distribution-config file://distribution.json --if-match EOUB6C2UPPAYS

Output

{
    "ETag": "E2PSNL365BW6T9",
    "Distribution": {
        "Id": "EITFAHA9HH050",
        "ARN": "arn:aws:cloudfront::641879703613:distribution/EITFAHA9HH050",
        "Status": "InProgress",
        "LastModifiedTime": "2023-02-02T18:14:05.260000+00:00",
        "InProgressInvalidationBatches": 0,
        "DomainName": "d1dq8kyq2l1abs.cloudfront.net",
        "ActiveTrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "ActiveTrustedKeyGroups": {
            "Enabled": false,
            "Quantity": 0
        },
    ...
}

How to create an invalidation?

We can use the create-invalidation subcommand to create an invalidation. The arguments needed for this command are:

• distribution-id: ID of the distribution for which the invalidation is created.
• paths: A JSON file that contains the paths to invalidate.

aws cloudfront create-invalidation --distribution-id EITFAHA9HH050 --paths "/*"

Output

{
    "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/EITFAHA9HH050/invalidation/I1ZQZQZQZQZQZ",
    "Invalidation": {
        "Id": "I1ZQZQZQZQZQZ",
        "Status": "InProgress",
        "CreateTime": "2023-02-02T18:14:05.260000+00:00",
        "InvalidationBatch": {
            "Paths": {
                "Quantity": 1,
                "Items": [
                    "/*"
                ]
            },
            "CallerReference": "cf-cli-invalidation"
        }
    }
}

How to check status of invalidation?

We can use the get-invalidation subcommand to check the status of an invalidation. The arguments needed for this command are:

• distribution-id: ID of the distribution for which the invalidation was created.
• id: ID of the invalidation to retrieve.

aws cloudfront get-invalidation --distribution-id EITFAHA9HH050 --id I1ZQZQZQZQZQZ

Output

{
    "Invalidation": {
        "Id": "I1ZQZQZQZQZQZ",
        "Status": "Completed",
        "CreateTime": "2023-02-02T18:14:05.260000+00:00",
        "InvalidationBatch": {
            "Paths": {
                "Quantity": 1,
                "Items": [
                    "/index.html"
                ]
            },
            "CallerReference": "cf-cli-invalidation"
        }
    }
}