Search code examples
amazon-web-servicesamazon-cloudfrontaws-cli

AWS CLI for CloudFront create-invalidation returns old invalidation

I'm trying to use the AWS CLI to create invalidations on CloudFront in my CI service to automatically invalidate files on deployment. However, the CLI returns a success message, but the invalidation referenced is a month old and no new invalidation is created.

I'm installing and enabling cloudfront:

pip install awscli
aws configure set preview.cloudfront true
aws configure set preview.create-invalidation true

Then I create the invalidation:

aws cloudfront create-invalidation --cli-input-json '{"DistributionId":"ABC123ABC123","InvalidationBatch":{"Paths":{"Quantity":1,"Items":["/index.html"]},"CallerReference":"codeship"}}'

An example of the response, when I ran this command on 7/13 at 4pm ET:

{
  "Invalidation": {
    "Status": "Completed",
    "InvalidationBatch": {
      "Paths": {
        "Items": [
          "/index.html"
        ],
        "Quantity": 1
      },
      "CallerReference": "codeship"
    },
    "Id": "1234567890",
    "CreateTime": "2015-06-12T18:39:56.360Z"
  },
  "Location": "https://cloudfront.amazonaws.com/2015-04-17/distribution/ABC123ABC123/invalidation/1234567890"
}

When I logged into CloudFront I can see the one invalidation from 6/12, but nothing from yesterday when I ran this command.

Am I doing anything wrong? Does this CLI API even work?

Solution

  • Looks like you're passing the same CallerReference for every call to CreateInvalidation? The CallerReference uniquely identifies a particular invalidation request, so CloudFront gives you the result of the first invalidation to use that CallerReference. From the documentation:

    A value that you specify to uniquely identify an invalidation request. CloudFront uses the value to prevent you from accidentally resubmitting an identical request. Whenever you create a new invalidation request, you must specify a new value for CallerReference and change other values in the request as applicable. One way to ensure that the value of CallerReference is unique is to use a timestamp, for example, 20120301090000.

    If you make a second invalidation request with the same value for CallerReference, and if the rest of the request is the same, CloudFront doesn't create a new invalidation request. Instead, CloudFront returns information about the invalidation request that you previously created with the same CallerReference.

    If CallerReference is a value you already sent in a previous invalidation batch request but the content of any Path is different from the original request, CloudFront returns an InvalidationBatchAlreadyExists error.