How to automate the update of an AWS CloudFront OriginPath during deployments

Question

How to automate the update of an AWS CloudFront OriginPath during deployments

Closed this issue 3 years ago · 0 comments

Can't just point to new code folder; need to pull config, modify it, and update it
AWS CLI allows you to pull the configuration

aws cloudfront get-distribution-config --id $cloudfront_distribution_id --profile $profile_name --region $region > output.json

jq can parse the configuration in a reliable way

cat output.json | jq ".ETag = \"\" | (.DistributionConfig.Origins.Items[] | select(.Id == \"THE_ID_OF_THE_ORIGIN\")).OriginPath = \"/THE_NAME_OF_YOUR_FOLDER\""

Some things to understand:

We escape the quotes using \.
We're escaping them because we're using " vs ' because my actual script uses references to variables, e.g. $myVariable, which needs double-quotes in order to be interpolated.

So modify the command above to spit it out to another file:

cat output.json | jq ".ETag = \"\" | (.DistributionConfig.Origins.Items[] | select(.Id == \"THE_ID_OF_THE_ORIGIN\")).OriginPath = \"/THE_NAME_OF_YOUR_FOLDER\"" > updated-config.json

And now you can modify the config as well:

TODO -- add bash command

Reference the SO question:

https://stackoverflow.com/questions/68074046/how-can-i-output-the-whole-document-in-jq-while-replacing-an-item-based-on-a-fie/68074394

Full OctopusDeploy step

cloudfront_distribution_id=`get_octopusvariable "CloudfrontDistributionId"`
profile_name=`get_octopusvariable "AWSProfileName"`
region=`get_octopusvariable "AWSRegion"`
release_number=`get_octopusvariable "Octopus.Release.Number"`
cloudfront_s3_origin_id=`get_octopusvariable "CloudfrontS3OriginId"`

echo "Distribution ID: $cloudfront_distribution_id"
echo "Profile Name: $profile_name"
echo "Region: $region"
echo "Release Number: $release_number"
echo "Cloudfront S3 Origin ID: $cloudfront_s3_origin_id"

# Get the current distribution's config as a JSON file and output it 
# to a file.
aws cloudfront get-distribution-config --id $cloudfront_distribution_id --profile $profile_name --region $region > output.json

echo "----- ORIGINAL JSON -----"

cat output.json

echo "----- RUNNING JQ -----"

# This takes the JSON file, removes the ETag field, selects the 
# appropriate distribution config item, and sets the origin path 
# to the S3 folder we expect. It then spits that config out to 
# its own file

cat output.json | jq "del(.ETag) | (.DistributionConfig.Origins.Items[] | select(.Id == \"$cloudfront_s3_origin_id\")).OriginPath = \"/$release_number\" | .DistributionConfig" > updated-config.json

echo "----- UPDATED JSON: -----"
cat updated-config.json

echo "----- GETTING ETAG VALUE FOR LATER USE -----"

# AWS CLI Requires us to specify the etag from this request, to make 
# sure nobody has made a change since we last pulled the config.
# This extracts the content of that tag. The -r parameter outputs
# the field as "raw" data, without quotes, which we want for our
# variable.
etag=`cat output.json | jq -r ".ETag"`
echo $etag

echo "----- CALLING TO UPDATE -----":
# Pass in the modified configuration file and the etag value to
# the cli command to update the distribution.
aws cloudfront update-distribution --id $cloudfront_distribution_id --profile $profile_name --region $region --if-match="$etag" --distribution-config file://updated-config.json