- Use Root or IAM user with Administrator policy to create an IAM user with below policy. This user will be used for
- Create IAM User with AKSK
- AWS Console -> Service: IAM -> Users -> Add users
- Check Access key - Programmatic access -> Permissions -> Attach exiting policies -> Create policy
- JSON -> copy and paste below policy -> Next... -> Name -> Create
- Press sync on Add user -> select above policy -> Next... -> Create
Download the credentials file!
- Rotate AKSK: https://aws.amazon.com/blogs/security/how-to-rotate-access-keys-for-iam-users/
- Take CloudFront actions on Console
- Call demo APIs
- Create IAM User with AKSK
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ManageOwnAccessKeys",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:GetAccessKeyLastUsed",
"iam:GetUser",
"iam:ListAccessKeys",
"iam:UpdateAccessKey"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "EnableCloudFront",
"Effect": "Allow",
"Action": [
"cloudfront:*",
"cloudwatch:*",
"s3:Get*",
"s3:List*"
],
"Resource": "*"
}
]
}
Open the downloaded file an put in access key, secret key and region ("us-east-1")
aws configure --profile api-demo
AWS Access Key ID [None]: *******************A
AWS Secret Access Key [None]: *******************a
Default region name [None]: us-east-1
Default output format [None]:
go mod init cloudfront-gov2
go get github.com/aws/aws-sdk-go-v2/aws
go get github.com/aws/aws-sdk-go-v2/config
go get github.com/aws/aws-sdk-go-v2/service/cloudfront
- If go get timeout
go env -w GOPROXY=https://goproxy.cn
- ListDistributions, filtered by Alias
go run . -action search-distribution-by-alias -alias hello
- GetDistributionConfig
go run . -action get-distribution-config -dist $DISTRIBUTION_ID
- GetCachePolicyConfig
go run . -action get-cache-policy-id -cache $CACHE_POLICY_ID
- CreateInvitation
go run . -action create-invalidation -dist $DISTRIBUTION_ID -paths "/*"
- GetInvalidation
go run . -action get-invalidation -dist $DISTRIBUTION_ID -invalidation $INVALIDATION_ID