deploy: Create AWS session for CloudFront invalidation via Go CDK

This allows the AWS credentials to be picked up from the configured
target URL (like blob does) rather than the current behaviour of only
relying on the defaults.

Relying on the defaults here means having to specify credentials twice
(once in the URL for the blob, once in the environment for this code
path) when non-default AWS credentials are in used (e.g. via a profile).
This commit is contained in:
Matt Brown 2023-07-09 00:00:45 +12:00 committed by Bjørn Erik Pedersen
parent d7dcc76d27
commit c3f273b2d7
2 changed files with 10 additions and 5 deletions

View file

@ -18,6 +18,7 @@ package deploy
import (
"context"
"net/url"
"time"
"github.com/aws/aws-sdk-go/aws"
@ -26,14 +27,18 @@ import (
)
// InvalidateCloudFront invalidates the CloudFront cache for distributionID.
// It uses the default AWS credentials from the environment.
func InvalidateCloudFront(ctx context.Context, distributionID string) error {
sess, err := gcaws.NewDefaultSession()
// Uses AWS credentials config from the bucket URL.
func InvalidateCloudFront(ctx context.Context, target *Target) error {
u, err := url.Parse(target.URL)
if err != nil {
return err
}
sess, _, err := gcaws.NewSessionFromURLParams(u.Query())
if err != nil {
return err
}
req := &cloudfront.CreateInvalidationInput{
DistributionId: aws.String(distributionID),
DistributionId: aws.String(target.CloudFrontDistributionID),
InvalidationBatch: &cloudfront.InvalidationBatch{
CallerReference: aws.String(time.Now().Format("20060102150405")),
Paths: &cloudfront.Paths{

View file

@ -271,7 +271,7 @@ func (d *Deployer) Deploy(ctx context.Context) error {
}
} else {
d.logger.Println("Invalidating CloudFront CDN...")
if err := InvalidateCloudFront(ctx, d.target.CloudFrontDistributionID); err != nil {
if err := InvalidateCloudFront(ctx, d.target); err != nil {
d.logger.Printf("Failed to invalidate CloudFront CDN: %v\n", err)
return err
}