From c3f273b2d7b18f921410cde6e01442694cda5fe7 Mon Sep 17 00:00:00 2001 From: Matt Brown Date: Sun, 9 Jul 2023 00:00:45 +1200 Subject: [PATCH] deploy: Create AWS session for CloudFront invalidation via Go CDK This allows the AWS credentials to be picked up from the configured target URL (like blob does) rather than the current behaviour of only relying on the defaults. Relying on the defaults here means having to specify credentials twice (once in the URL for the blob, once in the environment for this code path) when non-default AWS credentials are in used (e.g. via a profile). --- deploy/cloudfront.go | 13 +++++++++---- deploy/deploy.go | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/deploy/cloudfront.go b/deploy/cloudfront.go index 2f673dc97..8ed9b858d 100644 --- a/deploy/cloudfront.go +++ b/deploy/cloudfront.go @@ -18,6 +18,7 @@ package deploy import ( "context" + "net/url" "time" "github.com/aws/aws-sdk-go/aws" @@ -26,14 +27,18 @@ import ( ) // InvalidateCloudFront invalidates the CloudFront cache for distributionID. -// It uses the default AWS credentials from the environment. -func InvalidateCloudFront(ctx context.Context, distributionID string) error { - sess, err := gcaws.NewDefaultSession() +// Uses AWS credentials config from the bucket URL. +func InvalidateCloudFront(ctx context.Context, target *Target) error { + u, err := url.Parse(target.URL) + if err != nil { + return err + } + sess, _, err := gcaws.NewSessionFromURLParams(u.Query()) if err != nil { return err } req := &cloudfront.CreateInvalidationInput{ - DistributionId: aws.String(distributionID), + DistributionId: aws.String(target.CloudFrontDistributionID), InvalidationBatch: &cloudfront.InvalidationBatch{ CallerReference: aws.String(time.Now().Format("20060102150405")), Paths: &cloudfront.Paths{ diff --git a/deploy/deploy.go b/deploy/deploy.go index 60a3da363..26fac8975 100644 --- a/deploy/deploy.go +++ b/deploy/deploy.go @@ -271,7 +271,7 @@ func (d *Deployer) Deploy(ctx context.Context) error { } } else { d.logger.Println("Invalidating CloudFront CDN...") - if err := InvalidateCloudFront(ctx, d.target.CloudFrontDistributionID); err != nil { + if err := InvalidateCloudFront(ctx, d.target); err != nil { d.logger.Printf("Failed to invalidate CloudFront CDN: %v\n", err) return err }