Is there an approach to automatically run a CloudFront cache invalidation after an S3 object in its origin changes via BucketObject?
ChatGPT suggests:
import json

import pulumi
import pulumi_aws as aws
from pulumi_aws import s3, lambda_, iam, cloudfront

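# S3 bucket that serves as the CloudFront origin.
bucket = s3.Bucket("myBucket")

# CloudFront distribution in front of the bucket.
# The origin is built with the provider's typed Args classes so that every field
# uses the snake_case name the Python SDK expects; the earlier dict mixed
# camelCase and snake_case keys in one literal.
# NOTE(review): this sketch still omits the other arguments the provider requires
# for a distribution (enabled, default_cache_behavior, restrictions,
# viewer_certificate); add them before deploying.
# NOTE(review): the origin access identity below is a placeholder value. Replace
# it with the identity that belongs to this stack, keep the bucket private, and
# grant only that identity read access through the bucket policy.
distribution = cloudfront.Distribution(
    "myDistribution",
    origins=[
        cloudfront.DistributionOriginArgs(
            origin_id=bucket.arn,
            domain_name=bucket.bucket_regional_domain_name,
            s3_origin_config=cloudfront.DistributionOriginS3OriginConfigArgs(
                origin_access_identity="origin-access-identity/cloudfront/ABCDEFG1234567",
            ),
        )
    ],
)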

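# IAM role assumed by the Lambda function.
# The trust policy principal must be the bare service host name; the chat-export
# link markup that had been wrapped around it is not a valid principal and would
# make the role unusable by Lambda.
role = iam.Role(
    "lambdaRole",
    assume_role_policy=json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Principal": {"Service": "lambda.amazonaws.com"},
                    "Effect": "Allow",
                    "Sid": "",
                }
            ],
        }
    ),
)

# Basic execution policy: lets the function write its logs to CloudWatch Logs.
attach_exec_role_policy = iam.RolePolicyAttachment(
    "lambdaExecutionRolePolicy",
    role=role.name,
    policy_arn="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
)

# The basic execution policy does not cover CloudFront, so the handler's
# create_invalidation call would be denied without this statement. The grant is
# limited to one action on this one distribution rather than a managed
# CloudFront-wide policy.
invalidation_policy = iam.RolePolicy(
    "lambdaInvalidationPolicy",
    role=role.name,
    policy=distribution.arn.apply(
        lambda arn: json.dumps(
            {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": "cloudfront:CreateInvalidation",
                        "Resource": arn,
                    }
                ],
            }
        )
    ),
)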

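# Lambda function that issues the invalidation; its code is packaged from ./app
# and the entry point is main() in handler.py.
lambda_func = lambda_.Function(
    "lambdaFunction",
    code=pulumi.AssetArchive({
        ".": pulumi.FileArchive("./app"),
    }),
    role=role.arn,
    handler="handler.main",
    # python3.7 has reached end of support on Lambda; use a maintained runtime.
    runtime="python3.12",
    # Publish the distribution ID to the function so the handler does not need a
    # hard-coded value baked into its source.
    environment=lambda_.FunctionEnvironmentArgs(
        variables={"CLOUDFRONT_DISTRIBUTION_ID": distribution.id},
    ),
)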

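# Account that owns this stack. Bucket ARNs carry no account ID, so the invoke
# permission is additionally pinned to this account: a bucket with the same name
# re-created under another account cannot then trigger the function.
current_account = aws.get_caller_identity()

# Allow S3 to invoke the Lambda function, but only for events from this bucket.
# The principal is the bare service host name; the chat-export link markup that
# had been wrapped around it is not a valid principal.
lambda_permission = lambda_.Permission(
    "lambdaPermission",
    action="lambda:InvokeFunction",
    function=lambda_func.name,
    principal="s3.amazonaws.com",
    source_arn=bucket.arn,
    source_account=current_account.account_id,
)

# Send object-created events from the bucket to the function.
# S3 validates the destination when the notification is saved, so the invoke
# permission has to exist first; depends_on makes that ordering explicit.
# NOTE(review): only s3:ObjectCreated:* is subscribed, so object deletions do not
# trigger an invalidation.
bucket_notification = s3.BucketNotification(
    "bucketNotification",
    bucket=bucket.id,
    lambda_functions=[
        s3.BucketNotificationLambdaFunctionArgs(
            lambda_function_arn=lambda_func.arn,
            events=["s3:ObjectCreated:*"],
        )
    ],
    opts=pulumi.ResourceOptions(depends_on=[lambda_permission]),
)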
with a handler:
import json
import boto3

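def main(event, context):
    """Invalidate the whole CloudFront distribution when S3 reports a new object.

    Args:
        event: The S3 notification event. Its contents are not inspected,
            because the invalidation always covers every path ('/*').
        context: The Lambda context object; its aws_request_id is used as the
            invalidation's CallerReference.

    Returns:
        A dict with 'statusCode' 200 and a JSON-encoded body string.
    """
    import os  # function-scope import keeps this block self-contained

    # Prefer the ID supplied through the function's environment; fall back to
    # the placeholder so a missing variable fails visibly at the API call.
    distribution_id = os.environ.get(
        'CLOUDFRONT_DISTRIBUTION_ID', 'YOUR_CF_DISTRIBUTION_ID'
    )

    client = boto3.client('cloudfront')

    # CallerReference is CloudFront's idempotency key. The object's eTag is a
    # poor choice: re-uploading earlier content repeats the eTag, the batch is
    # then identical to an earlier one, and no new invalidation is created.
    # The invocation's request ID is unique per delivered event and should stay
    # the same when Lambda retries that event, so a retry does not create a
    # duplicate invalidation.
    invalidation = client.create_invalidation(
        DistributionId=distribution_id,
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': ['/*'],
            },
            'CallerReference': str(context.aws_request_id),
        },
    )

    # Log the API response; default=str serialises the datetime fields.
    print(json.dumps(invalidation, indent=4, default=str))

    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }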