AWS CloudFront, Boto3 and Python: Complete Guide with examples

AWS Boto3 is the Python SDK for AWS. Boto3 can be used to directly interact with AWS resources from Python scripts. In this tutorial, we will look at how we can use the Boto3 library to perform various operations on AWS CloudFront. CloudFront is a CDN (content delivery network) service built for high performance, security, and developer convenience. CloudFront can be used to deliver content to users at high speeds. It can also be used to protect your content from DDoS attacks.

Table of contents

Prerequisites
How to create a distribution?
How to list all distributions?
How to retrieve an existing distribution?
How to update a distribution?
How to create an invalidation?
How to check if invalidation has completed?
Conclusion

Prerequisites

Python3
Boto3: Boto3 can be installed using pip: pip install boto3
AWS Credentials: If you haven’t setup AWS credentials before, this resource from AWS is helpful.

How to create a distribution?

To use CloudFront, we need to create a distribution. A distribution is a collection of settings that tell CloudFront how to handle requests for your content. A distribution can be created using the following code:

import boto3
from time import time, sleep


client = boto3.client("cloudfront")


def create_distribution():
    """Create a Cloudfront Distribution."""
    cloudfront_deployment_name = "learnaws-cf-test"
    s3_bucket_name = "learnaws-test-versioning-s3"

    cloudfront_dist_config = {
        "CallerReference": cloudfront_deployment_name,
        "Comment": "LearnAWS Cloudfront Distribution",
        "Origins": {
            "Quantity": 1,
            "Items": [{
                "Id": s3_bucket_name,
                "DomainName": s3_bucket_name + ".s3.amazonaws.com",
                "S3OriginConfig": {
                    "OriginAccessIdentity": ""
                }
            }]
        },
        "DefaultCacheBehavior": {
            "TargetOriginId": s3_bucket_name,
            "ViewerProtocolPolicy": "redirect-to-https",
            "TrustedSigners": {
                "Quantity": 0,
                "Enabled": False
            },
            "ForwardedValues": {
                "Cookies": {"Forward": "all"},
                "Headers": {"Quantity": 0},
                "QueryString": False,
                "QueryStringCacheKeys": {"Quantity": 0}
            },
            "DefaultTTL": 86400,
            "MinTTL": 3600
        },
        "Comment": "",
        "Enabled": True,
    }

    return client.create_distribution(DistributionConfig=cloudfront_dist_config)

In this particular example, we have created a CloudFront distribution for a S3 bucket as the origin. To learn more about the various parameters that can be used to create a distribution, refer to the AWS documentation.

How to list all distributions?

To list all distributions, we can use the following code:

def list():
    """Lists all distributions in Cloudfront.

    Relies on NextMarker to paginate through all distributions.

    Returns:
        List: List of distributions.
    """
    response = client.list_distributions()
    distributions = []
    while True:
        for dist in response["DistributionList"]["Items"]:
            distributions.append(dist)
        if "NextMarker" not in response["DistributionList"]:
            break

        response = client.list_distributions(Marker=response["DistributionList"]["NextMarker"])
    return distributions

The output of this function is:

list()

[{'Id': 'E1Z2Y3X4Z5', 'ARN': 'arn:aws:cloudfront::xxxxx:distribution/E1Z2Y3X4Z5', 'Status': 'InProgress', 'LastModifiedTime': datetime.datetime(2021, 5, 12, 3, 14, 32, tzinfo=tzutc()), 'InProgressInvalidationBatches': 0, 'DomainName': 'd1z2y3x4z5.cloudfront.net', 'ActiveTrustedSigners': {'Enabled': False, 'Quantity': 0}, 'DistributionConfig': {'CallerReference': 'learnaws-cf-test', 'Aliases': {'Quantity': 0}, 'DefaultRootObject': '', 'Origins': {'Quantity': 1, 'Items': [{'Id': 'learnaws-test-versioning-s3', 'DomainName': 'learnaws-test-versioning-s3.s3.amazonaws.com', 'S3OriginConfig': {'OriginAccessIdentity': ''}}]}, 'DefaultCacheBehavior': {'TargetOriginId': 'learnaws-test-versioning-s3', 'ForwardedValues':
....

}]

How to retrieve an existing distribution?

To retrieve an existing distribution, we need to provide the distribution ID. We can use the following code to retrieve a distribution:

def get_distribution(distribution_id):
    return client.get_distribution(Id=distribution_id)

The output of this function is:

get_distribution("E1Z2Y3X4Z5")

{'Distribution': {'Id': 'E1Z2Y3X4Z5', 'ARN': 'arn:aws:cloudfront::xxxxx:distribution/E1Z2Y3X4Z5', 'Status': 'InProgress', 'LastModifiedTime': datetime.datetime(2021, 5, 12, 3, 14, 32, tzinfo=tzutc()), 'InProgressInvalidationBatches': 0, 'DomainName': 'd1z2y3x4z5.cloudfront.net', 'ActiveTrustedSigners': {'Enabled': False, 'Quantity': 0}, 'DistributionConfig': {'CallerReference': 'learnaws-cf-test', 'Aliases': {'Quantity': 0}, 'DefaultRootObject': '', 'Origins': {'Quantity': 1, 'Items': [{'Id': 'learnaws-test-versioning-s3', 'DomainName': 'learnaws-test-versioning-s3.s3.amazonaws.com', 'S3OriginConfig': {'OriginAccessIdentity': ''}}]}, 'DefaultCacheBehavior': {'TargetOriginId': 'learnaws-test-versioning-s3', 'ForwardedValues':
.....

How to update a distribution?

To update a distribution, we need to provide the distribution ID and the updated distribution configuration. The distribution ID can be obtained from the response of the create_distribution function. The updated distribution configuration can be obtained from the response of the get_distribution function. Before we can update a distribution, we need to provide the ETag of the existing distribution configuration.

We can use the following code to update a distribution:

def update():
    distribution_config = client.get_distribution_config(Id=distribution_id)

    # make the desired changes to the distribution configuration
    new_distribution_config = distribution_config["DistributionConfig"]
    new_distribution_config["Comment"] = "Updated Comment"

    # update the distribution with the new configuration
    cloudfront.update_distribution(
        DistributionConfig=new_distribution_config,
        Id=distribution_id,
        IfMatch=distribution_config["ETag"]
    )

How to create an invalidation?

To create an invalidation, we need to provide the distribution ID and the paths that need to be invalidated. The paths that need to be invalidated can be a list of paths or a wildcard. We can use the following code to create an invalidation:

import uuid


def invalidate(distribution_id, paths):
    """Create an invalidation for the given paths.

    Args:
        distribution_id (string): Distribution ID of the CloudFront distribution.
        paths (List): Array of paths to be invalidated.

    Returns:
        dict: Details of the invalidation object
    """
    return client.create_invalidation(
        DistributionId=distribution_id,
        InvalidationBatch={
            "Paths": {
                "Quantity": len(paths),
                "Items": paths
            },
            "CallerReference": str(uuid.uuid4())
        }
    )

The output of this function is:

{'ResponseMetadata': {'RequestId': '18761caa-3e2c-456a-be4a-50c64846d55b',
  'HTTPStatusCode': 201,
  'HTTPHeaders': {'x-amzn-requestid': '18761caa-3e2c-456a-be4a-50c64846d55b',
   'location': 'https://cloudfront.amazonaws.com/2020-05-31/distribution/E27D2Q31KB75SU/invalidation/I3UXUSHWOQO7I5',
   'content-type': 'text/xml',
   'content-length': '362',
   'date': 'Wed, 01 Feb 2023 04:34:38 GMT'},
  'RetryAttempts': 0},
 'Location': 'https://cloudfront.amazonaws.com/2020-05-31/distribution/E27D2Q31KB75SU/invalidation/I3UXUSHWOQO7I5',
 'Invalidation': {'Id': 'I3UXUSHWOQO7I5',
  'Status': 'InProgress',
  'CreateTime': datetime.datetime(2023, 2, 1, 4, 34, 39, 358000, tzinfo=tzutc()),
  'InvalidationBatch': {'Paths': {'Quantity': 1, 'Items': ['/*']},
   'CallerReference': '167522607898338'}}}

How to check if invalidation has completed?

To check if an invalidation has completed, we need to provide the distribution ID and the invalidation ID. We can use the following code to check if an invalidation has completed:

from time import sleep

def wait_invalidation_complete(distribution_id, invalidation_id):
    """Check if the invalidation has completed.

    Args:
        distribution_id (string): Distribution ID of the CloudFront distribution.
        invalidation_id (string): INvalidation ID of the invalidation.
    """

    while True:
        invalidation_status = client.get_invalidation(
            DistributionId=distribution_id,
            Id=invalidation_id
        )["Invalidation"]["Status"]

        if invalidation_status == "Completed":
            print("invalidation completed")
            return

        print("invalidation not yet completed, sleeping for 30 seconds")
        sleep(30)

Conclusion

In this tutorial, we learned how to create a CloudFront distribution, retrieve an existing distribution, update a distribution, create an invalidation, and check if an invalidation has completed.

Prerequisites

How to create a distribution?

How to list all distributions?

How to retrieve an existing distribution?

How to update a distribution?

How to create an invalidation?

How to check if invalidation has completed?

Conclusion

Opslane: Your AI On-Call Co-Pilot

Read more posts