AWS CLI & CloudFront: Complete Guide with examples

Introduction
AWS CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your users with low latency and high transfer speeds, globally. CloudFront is integrated with other AWS services, such as Amazon S3, Amazon EC2, and Elastic Load Balancing.
In this article, we will look at how to use the AWS CLI to perform common CloudFront operations.
Table of contents
- Introduction
- How to create a distribution?
- How to list all distributions?
- How to retrieve a distribution?
- How to update an existing distribution?
- How to create an invalidation?
- How to check status of invalidation?
Prerequisites
- AWS CLI
- AWS Credentials: If you haven’t setup your AWS credentials before, this resource from AWS is helpful.
How to create a distribution?
To use CloudFront, we need to create a distribution. A distribution is a collection of settings that tell CloudFront how to handle requests for your content. We will be using the create-distribution
subcommand to create a new distribution.
First, we will create a distribution config file distribution.json
:
{
"CallerReference": "cf-cli-distribution",
"Comment": "LearnAWS Cloudfront Distribution",
"Origins": {
"Quantity": 1,
"Items": [{
"Id": "learnaws-test-versioning-s3",
"DomainName": "learnaws-test-versioning-s3.s3.amazonaws.com",
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}]
},
"DefaultCacheBehavior": {
"TargetOriginId": "learnaws-test-versioning-s3",
"ViewerProtocolPolicy": "redirect-to-https",
"TrustedSigners": {
"Quantity": 0,
"Enabled": false
},
"ForwardedValues": {
"Cookies": {"Forward": "all"},
"Headers": {"Quantity": 0},
"QueryString": false,
"QueryStringCacheKeys": {"Quantity": 0}
},
"DefaultTTL": 86400,
"MinTTL": 3600
},
"Enabled": true
}
In this particular example, we have created a CloudFront distribution for a S3 bucket as the origin. To learn more about the various parameters that can be used to create a distribution, refer to the AWS documentation.
Now, we can use the create-distribution
subcommand to create a new distribution:
aws cloudfront create-distribution --distribution-config file://distribution.json
Output:
{
"Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/EITFAHA9HH050",
"ETag": "E2PSNL365BW6T9",
"Distribution": {
"Id": "EITFAHA9HH050",
"ARN": "arn:aws:cloudfront::641879703613:distribution/EITFAHA9HH050",
"Status": "InProgress",
"LastModifiedTime": "2023-02-02T18:14:05.260000+00:00",
"InProgressInvalidationBatches": 0,
"DomainName": "d1dq8kyq2l1abs.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ActiveTrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
….
}
How to list all distributions?
We can use the list-distributions
subcommand to list all the distributions in your AWS account.
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].[Id,Origins.Items[0].DomainName]'
In this example, we are using the --output table
and --query
options to format the output in a table format.
Output
-------------------------------------------------------------------------------------------
| ListDistributions |
+----------------+------------------------------------------------------------------------+
| E27D2Q31KB75SU| learnaws-test-versioning-s3.s3.amazonaws.com |
| EITFAHA9HH050 | learnaws-test-versioning-s3.s3.amazonaws.com |
+----------------+------------------------------------------------------------------------+
How to retrieve a distribution?
We can use the get-distribution
subcommand to retrieve a distribution. The arguments needed for this command are:
id
: ID of the distribution to retrieve.
aws cloudfront get-distribution --id EITFAHA9HH050
Output
{
"ETag": "EOUB6C2UPPAYS",
"Distribution": {
"Id": "E27D2Q31KB75SU",
"ARN": "arn:aws:cloudfront::641879703613:distribution/E27D2Q31KB75SU",
"Status": "Deployed",
"LastModifiedTime": "2023-01-31T18:07:56.551000+00:00",
"InProgressInvalidationBatches": 0,
"DomainName": "d1gresq66dmpuj.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ActiveTrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
...
}
How to update an existing distribution?
We can use the update-distribution
subcommand to update an existing distribution. The arguments needed for this command are:
id
: ID of the distribution to update.distribution-config
: A JSON file that contains the distribution configuration.if-match
: The value of theETag
header that you received when retrieving the distribution’s configuration.
aws cloudfront update-distribution --id EITFAHA9HH050 --distribution-config file://distribution.json --if-match EOUB6C2UPPAYS
Output
{
"ETag": "E2PSNL365BW6T9",
"Distribution": {
"Id": "EITFAHA9HH050",
"ARN": "arn:aws:cloudfront::641879703613:distribution/EITFAHA9HH050",
"Status": "InProgress",
"LastModifiedTime": "2023-02-02T18:14:05.260000+00:00",
"InProgressInvalidationBatches": 0,
"DomainName": "d1dq8kyq2l1abs.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ActiveTrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
...
}
How to create an invalidation?
We can use the create-invalidation
subcommand to create an invalidation. The arguments needed for this command are:
distribution-id
: ID of the distribution for which the invalidation is created.paths
: A JSON file that contains the paths to invalidate.
aws cloudfront create-invalidation --distribution-id EITFAHA9HH050 --paths "/*"
Output
{
"Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/EITFAHA9HH050/invalidation/I1ZQZQZQZQZQZ",
"Invalidation": {
"Id": "I1ZQZQZQZQZQZ",
"Status": "InProgress",
"CreateTime": "2023-02-02T18:14:05.260000+00:00",
"InvalidationBatch": {
"Paths": {
"Quantity": 1,
"Items": [
"/*"
]
},
"CallerReference": "cf-cli-invalidation"
}
}
}
How to check status of invalidation?
We can use the get-invalidation
subcommand to check the status of an invalidation. The arguments needed for this command are:
distribution-id
: ID of the distribution for which the invalidation was created.id
: ID of the invalidation to retrieve.
aws cloudfront get-invalidation --distribution-id EITFAHA9HH050 --id I1ZQZQZQZQZQZ
Output
{
"Invalidation": {
"Id": "I1ZQZQZQZQZQZ",
"Status": "Completed",
"CreateTime": "2023-02-02T18:14:05.260000+00:00",
"InvalidationBatch": {
"Paths": {
"Quantity": 1,
"Items": [
"/index.html"
]
},
"CallerReference": "cf-cli-invalidation"
}
}
}