Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Add Cloudfront invalidation example for S3 deployment #12238

Merged
merged 5 commits into from
Dec 29, 2020
Merged

docs: Add Cloudfront invalidation example for S3 deployment #12238

merged 5 commits into from
Dec 29, 2020

Conversation

GibzonDev
Copy link
Contributor

@GibzonDev GibzonDev commented Dec 26, 2020
edited by skinny85
Loading

This workaround was discussed in this issue: #6243 (comment)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link

gitpod-io bot commented Dec 26, 2020
edited
Loading

@mergify
Copy link
Contributor

mergify bot commented Dec 26, 2020

Title does not follow the guidelines of Conventional Commits. Please adjust title before merge.

@GibzonDev GibzonDev changed the title Add cloudfront invalidation example for S3 deployment docs: Add Cloudfront invalidation example for S3 deployment Dec 26, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 7a1e634
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@skinny85 skinny85 self-assigned this Dec 28, 2020
skinny85
skinny85 previously requested changes Dec 28, 2020
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for the contribution @gibzon69 , it looks great! Some minor comments below.

packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated
invalidateBuildProject.addToRolePolicy(
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
resources: ['*'],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, is there a way to reduce these permissions? Do they all have to have "*"? Can at least some of them be scoped downed to the Distribution that we're invalidating?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup!
I had some old info, that CF didn't have resource level permissions, but they do. So I'm changing so that we only need CreateInvalidation and only for the specific distribution.

packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
@mergify mergify bot dismissed skinny85’s stale review December 29, 2020 10:15

Pull request has been modified.

@GibzonDev
Copy link
Contributor Author

Thanks so much for the contribution @gibzon69 , it looks great! Some minor comments below.

I'm glad I could be of help, and thanks for the input!
Pushed changes has been tested and pipeline/invalidation works (thinking of permission and runOrder changes).
One thing I was unsure of is if there's a better way to get the ARN of the just created distribution.

skinny85
skinny85 previously requested changes Dec 29, 2020
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great @gibzon69 ! A few minor suggestions, but I'll apply them myself, and merge the PR later.

Thanks so much!

packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
packages/@aws-cdk/aws-codepipeline-actions/README.md Outdated Show resolved Hide resolved
@mergify mergify bot dismissed skinny85’s stale review December 29, 2020 18:32

Pull request has been modified.

@mergify
Copy link
Contributor

mergify bot commented Dec 29, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Dec 29, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 0b6f0dd into aws:master Dec 29, 2020
flochaz pushed a commit to flochaz/aws-cdk that referenced this pull request Jan 5, 2021
@GibzonDev @flochaz
docs: Add Cloudfront invalidation example for S3 deployment (aws#12238)
9d4ea66 
This workaround was discussed in this issue: aws#6243 (comment)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
morgler
morgler reviewed Feb 24, 2021
View reviewed changes
packages/@aws-cdk/aws-codepipeline-actions/README.md
});

// Add Cloudfront invalidation permissions to the project
const distributionArn = `arn:aws:cloudfront::${this.account}:distribution/${distribution.distributionId}`;
Copy link

@morgler morgler Feb 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe use process.env.CDK_DEFAULT_ACCOUNT instead of this.account. The env var for the account should be set automatically as far as I understood.

morgler
morgler reviewed Feb 24, 2021
View reviewed changes
packages/@aws-cdk/aws-codepipeline-actions/README.md
One workaround is to add another build step after the deploy step,
and use the AWS CLI to invalidate the cache:

```ts
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add necessary additional import of import * as iam from '@aws-cdk/aws-iam'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morgler morgler morgler left review comments

@skinny85 skinny85 skinny85 approved these changes

Assignees

@skinny85 skinny85

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@GibzonDev @aws-cdk-automation @morgler @skinny85