We have a Cloudfront distribution in front of some AWS buckets, set up by another member of my team.

I have some node.js code for [email protected] to rewrite requests.

My question is how do I deploy it to Cloudfront for those buckets, using the aws command-line tool?

I think, it would require

  1. request perms to assume a role;
  2. deploy the function somewhere that it can be used (as opposed to just my account);
  3. create the role/trust relationship;
  4. create the behaviour in Cloudfront;
  5. and associate the function with a Viewer Request event.

I have not found any coherent documentation or examples of how to do all of this, let alone using the aws tool.

As it is, I cannot see the Cloudfront or S3 buckets when I log in via the web site, though I can list the s3 bucket contents via command-line. (I am unsure how to access the Cloudfront via command line).

1 Answers

1
NHol On

If you have your function deployed in Lambda then you should add it to the "LambdaFunctionAssociations" element of the CloudFront distribution config then update your config using the update-distribution CLI command like:

aws cloudfront update-distribution --id C123456789 --distribution-config file://local/path/to/distrib-config.json

Where id is the ID of your distribution

If you want to get the current CloudFront distribution config you can do aws cloudfront get-distribution-config --id C123456789

If you want to create the function first then aws lambda create-function will return the created functions ARN to pass into the config. https://docs.aws.amazon.com/cli/latest/reference/lambda/create-function.html

When you say "just to my account", do you mean a separate AWS account or do you mean using your IAM user in the same AWS account as the CloudFront distribution and S3 buckets? It sounds like your AWS Console user is different to the user that has the access keys set in aws cli. aws cloudfront list-distributions will let you see CloudFront via command line.

Link to AWS Dev Guide for programmatic [email protected]