The following is an example of a script that executes during our deployment process to invalidate a CloudFront distribution. The goal is to just invalidate everything in the entire distribution, so we use / as the path.

aws cloudfront create-invalidation --distribution-id SOMEDISTRIBUTIONID --paths /

But the CloudFront Invalidation documentation recommends that the invalidation path uses a wildcard, like this:

aws cloudfront create-invalidation --distribution-id SOMEDISTRIBUTIONID --paths "/*"

What is the difference between these two path arguments? Do they both invalidate everything, or no? And is there a pricing difference?

Jacob Stamm

2 Answers

Unless it is an undocumented special case, invalidating / would only invalidate the main page.

Note that from the shell, you need to quote '/*' to prevent shell expansion.

There is no price difference. All invalidations have the same cost per path specified, whether the path matches 0, 1, many, or all files.

The reasoning why the price is the same, and why it makes no difference whether you match one or all, isn't specified, but speculation is that invalidations do two different things -- they initially set marker records with timestamps on the distribution that are checked when cache hits occur, and if the object matches the invalidation record and is older than the timestamp, the hit becomes a miss. The objects are then purged in the background and the markers removed. Brilliant design, if true, and it almost has to be something like this, since invalidations are very fast, even for /*.

The first 1,000 invalidation paths submitted per month per AWS account (not per distribution) are free.

Michael - sqlbot
  • Seeing that only the first 1,000 invalidated paths per month are free, and seeing that there is a separate limit for the number of invalidation paths in progress at any time, is there any downside to always using a wildcard invalidation? That is, if I update `/example/foo.txt` and `/example/foo.txt` on my site (consisting of thousands of pages), is there any reason not to simply invalidate `/*` rather than individually invalidating `/example/foo.txt` and `/example/foo.txt`? Would that be less efficient? Impose some sort of latency? – Garret Wilson Dec 02 '22 at 15:29
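
The quoting note in the answer above, shown as an added example that is not part of the original answer or comment. `submitted` is a hypothetical stand-in for the aws CLI that makes no AWS calls and only reports the path arguments it receives, and `require_full_wildcard` is a hypothetical guard a deploy script could run before submitting.

```shell
#!/bin/sh
# Added example: what reaches --paths when /* is quoted versus unquoted.
# submitted() is a hypothetical stand-in for the aws CLI. It makes no AWS
# calls; it prints "<number of path arguments> <first path argument>".
submitted() {
    while [ "$#" -gt 0 ] && [ "$1" != "--paths" ]; do shift; done
    if [ "$#" -gt 0 ]; then shift; fi      # drop --paths itself
    printf '%s %s\n' "$#" "${1-}"
}

# The two commands from the question, plus the unquoted wildcard.
root_only_case() {
    submitted cloudfront create-invalidation \
        --distribution-id SOMEDISTRIBUTIONID --paths /
}
quoted_case() {
    submitted cloudfront create-invalidation \
        --distribution-id SOMEDISTRIBUTIONID --paths "/*"
}
unquoted_case() {
    # The shell expands /* to every entry in the local root directory
    # (/bin, /etc, ...) before the command starts, so the CLI would get
    # many local names as separate paths and never see the wildcard.
    submitted cloudfront create-invalidation \
        --distribution-id SOMEDISTRIBUTIONID --paths /*
}

# Guard for a deploy script that means to invalidate the whole distribution:
# succeed only if exactly one path was passed and it is the literal /*.
require_full_wildcard() {
    [ "$#" -eq 1 ] && [ "$1" = "/*" ]
}

echo "root only: $(root_only_case)"     # 1 /
echo "quoted:    $(quoted_case)"        # 1 /*
echo "unquoted:  $(unquoted_case)"      # count and name depend on the host

INVALIDATION_PATH='/*'
# An unquoted variable is globbed too; quote it where it is used.
if require_full_wildcard $INVALIDATION_PATH; then
    echo "unquoted variable: wildcard intact"
else
    echo "unquoted variable: expanded by the shell, refusing to submit"
fi
if require_full_wildcard "$INVALIDATION_PATH"; then
    echo "quoted variable: wildcard intact, safe to submit"
fi
```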
Caveats from an AWS Newbie

  • If you are invalidating multiple paths, you’ll get charged for each one, so wildcards can be cheaper.

  • BUT the limit for wildcard invalidations “in progress” is astonishingly low (~15) while the same limit for individual files is quite high (~3000?). So if you plan on submitting many wildcard invalidations over a minute, you’ll need a queue and processor which might erase the cost savings.