What is happening during a CloudFront deployment?

Question

I'm using a web application setup in AWS where my backend is hosted on Elastic Beanstalk, and my frontend is stored in an S3 bucket. Both are served through CloudFront as a CDN. I've been following a specific deployment process, but I have questions regarding the timing of CloudFront changes and cache invalidation.

Here's my deployment procedure:

• Duplicate my Elastic Beanstalk backend.
• Deploy the duplicated backend with changes.
• Push frontend changes to a staging folder in my S3 bucket.
• Change the origins of my CloudFront distribution to point to the updated S3 content and duplicated backend.
• Wait for the CloudFront deployment to complete.
• Invalidate the CloudFront cache.

My concern lies in the period between the change of CloudFront origins and the cache invalidation. Specifically, I'm unsure about the following:

1. What exactly happens during the CloudFront deployment? Could this impact the accessibility of my updated frontend content?
2. Is it necessary to wait for the CloudFront deployment to finish before initiating the cache invalidation process? Or can I proceed with cache invalidation as soon as I've updated the CloudFront origins?

Answer 1

There's a risk of inconsistency until you invalidate the cache. I mean one client might fetch a version n of a resource from the cache and a version n+1 of another resource from the new origin, and version n+1 of your backend API. This could lead to unexpected behaviour or rendering.

I invite you to look at CloudFront continuous deployment feature. Basically you have 2 distributions one primary and a staging one. The staging one can be associated to your second S3 origin and second backend API. You can invalidate the cache of the staging distribution then proceed with the rollout.