11

As part of my CodePipeline in CDK I would like, as the last step, to invalidate the CloudFront cache.

This is my current Deploy action step:

{
  stageName: 'Deploy',
  actions: [
    new codepipelineActions.S3DeployAction({
      actionName: 'S3Deploy',
      bucket: frontendCodeBucket, // See bucket config below
      input: buildOutput, // Output from Build step
    }),
  ]
}

And here is my code bucket and CF distribution:

const frontendCodeBucket = new s3.Bucket(this, 'FrontendBucketStaging', {
  websiteIndexDocument: 'index.html',
  encryption: s3.BucketEncryption.S3_MANAGED,
  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
  bucketName: 'something',
  removalPolicy: RemovalPolicy.DESTROY,
});


const distribution = new cloudfront.CloudFrontWebDistribution(this, 'FrontendCloudfrontStaging', {
  originConfigs: [
    {
      s3OriginSource: {
        s3BucketSource: frontendCodeBucket,
        originAccessIdentity: oai,
      },
      behaviors: [{ isDefaultBehavior: true }],
    },
  ],
});

I can't find any way to invalidate the cache through S3DeployAction. It seems like one of the most common things one would want to do when working with a static website and CloudFront. Is it simply just not possible?

If it's not, is there a workaround? For example, in a non-pipeline process, something like this should work (from what I've read):

new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', {
  sources: [<some assets>],
  destinationBucket: bucket,
  distribution,
  distributionPaths: ['/*'],
});

Is there then a way to add such a step in the pipeline, that is not an "Action"?

Very happy for any help or pointers. I'm quite new to CDK, but this just felt like such a common thing that someone would want to do, so I hope I'm just missing something here. Apart from this last step, the pipeline works great.

Andreas

2 Answers

11

I ended up adding another CodeBuildAction step after the S3DeployAction with the sole purpose of running this AWS CLI command:

aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths "/*"

Maybe not the prettiest solution, but it works :) It would be nice if invalidation would be an option in S3DeployAction though.

Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codepipeline_actions-readme.html#invalidating-the-cloudfront-cache-when-deploying-to-s3

papiro
Andreas
  • Already reported upstream: https://github.com/aws/aws-cdk/issues/6243 – rantoniuk Feb 15 '21 at 18:29
  • Had to look at your PR to find how to set up the permissions for the above command. Because without the permissions, I would simply get a 255 error from my CodeBuildAction. https://github.com/aws/aws-cdk/pull/12238/files – morgler Feb 24 '21 at 07:15
  • This is actually documented: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codepipeline_actions-readme.html#invalidating-the-cloudfront-cache-when-deploying-to-s3 Edit: didn't realize you were the one who submitted it! Nice work :) – papiro Apr 16 '22 at 19:06
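
An added example, not part of the answers above or the CDK project's code: the buildspec for the extra CodeBuild step and the IAM statement its role needs, built as plain objects in the shapes that `codebuild.BuildSpec.fromObject()` and `new iam.PolicyStatement()` accept. The helper names, the path allowlist and the account and distribution values passed in are assumptions of this example.

```typescript
// Added example; helper names are hypothetical and no CDK import is needed to run it.
interface StatementProps { actions: string[]; resources: string[]; }

// CloudFront is a global service, so the region field of its ARNs is empty.
function distributionArn(accountId: string, distributionId: string): string {
  return `arn:aws:cloudfront::${accountId}:distribution/${distributionId}`;
}

// Least privilege for the CodeBuild role: one action on one distribution.
function invalidationStatement(accountId: string, distributionId: string): StatementProps {
  return {
    actions: ['cloudfront:CreateInvalidation'],
    resources: [distributionArn(accountId, distributionId)],
  };
}

// Paths end up inside a shell command, so accept only a conservative character
// set (an assumption of this example, stricter than CloudFront itself).
const SAFE_PATH = /^\/[A-Za-z0-9_.~\/*-]*$/;

// CLOUDFRONT_ID is expected as an environment variable on the CodeBuild project.
function invalidationBuildSpec(paths: string[] = ['/*']) {
  const bad = paths.filter((p) => !SAFE_PATH.test(p));
  if (paths.length === 0 || bad.length > 0) {
    throw new Error(`refusing invalidation paths: ${JSON.stringify(bad)}`);
  }
  // Quote each path so the build shell does not glob-expand the "*".
  const quoted = paths.map((p) => `"${p}"`).join(' ');
  return {
    version: '0.2',
    phases: { build: { commands: [
      'aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths ' + quoted,
    ] } },
  };
}

// Review check: report anything granted beyond the single action and ARN.
function auditStatement(s: StatementProps, expectedArn: string): string[] {
  const findings: string[] = [];
  if (s.actions.some((a) => a !== 'cloudfront:CreateInvalidation')) findings.push('extra or wildcard actions');
  if (s.resources.some((r) => r !== expectedArn)) findings.push('resources other than the target distribution');
  return findings;
}
```

In a stack, `this.account` and `distribution.distributionId` supply the two arguments, and the statement is attached to the CodeBuild project with `addToRolePolicy`. Give the CodeBuildAction a higher `runOrder` than the S3DeployAction so the invalidation runs after the upload.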
6

CloudFront cache invalidation is now included in the latest aws-s3-deployment module https://docs.aws.amazon.com/cdk/api/v1/docs/aws-s3-deployment-readme.html#cloudfront-invalidation

Duy