AWS CLI：禁用分发

Question

据我所知，禁用云端分发意味着更新其状态，并且必须能够将其删除。

鉴于AWS CLI的文档非常稀少，我正在寻找一个仅使用CLI进行更新的最小示例。

Answer 1

虽然我无法为您提供最小的示例，但以下内容应该有效。您可以从您的发行版存储库或http://stedolan.github.io/jq/manual/获取jq。

1. 获取Etag，第3步需要它：

   $ aws cloudfront get-distribution-config --id E123456 | jq'。 | .ETag'

获取当前配置：

1. $ aws cloudfront get-distribution-config --id E123456 | jq'。 | .DistributionConfig'＆gt;的/ tmp /禁用 - 分布 - E123456

   修改/ tmp / disable-distribution-E123456，分发配置文件以禁用。

   相关部分：

   "DefaultRootObject": null,
   "PriceClass": "PriceClass_All",
   "Enabled": true,  <-- Set to false
   

更新分发：

1. $ aws cloudfront update-distribution --id E123456 --if-match E3SVA578MZF6JZ --distribution-config file：/// tmp / disable-distribution-E123456

Answer 2

奇怪的是，提出的解决方案对我不起作用。我不断得到

An error occurred (DistributionNotDisabled) when calling the DeleteDistribution operation: The distribution you are trying to delete has not been disabled.

在致电aws cloudfront delete-distribution时。

问题似乎是您无法立即使用aws cloudfront update-distribution禁用分发，其状态需要一段时间才能更新（请参阅AWS控制台，其中状态显示为“进行中”）

总而言之，以下命令序列解决了我的问题：

aws cloudfront update-distribution
aws cloudfront wait distribution-deployed
aws cloudfront delete-distribution

Answer 3

取消部署分配的完整示例。脚本等待直到禁用分发，然后将其删除。这正在使用aws-cli / 2.0.49。

 echo "Gettiuing cloudfront info"
    DISTRIBUTION_ID=$(cat ars/cloudfront-@@STACK_NAME-@@SERVICE_NAME.json | jq -r .Distribution.Id)   
aws cloudfront get-distribution-config --id $DISTRIBUTION_ID \
       | jq .DistributionConfig.Enabled=false > cloudfront.json
ETAG=$(cat cloudfront.json | jq -r .ETag)  

cat cloudfront.json | jq -r .DistributionConfig > distribution.json

echo "Updating cloudfront to disabled"
ETAG=$(aws cloudfront update-distribution  --id $DISTRIBUTION_ID --if-match $ETAG  --distribution-config file://./distribution.json | jq -r .ETag)

rm distribution.json
rm cloudfront.json

echo "Waiting to be undeployed..."
OPERATION_STATUS="PENDING"
    while [ $OPERATION_STATUS = "PENDING" ]
    do
            OPERATION_STATUS=$(aws cloudfront get-distribution --id  $DISTRIBUTION_ID  | jq -r .Distribution.Status)
            if [ $OPERATION_STATUS != "Deployed" ]
            then
            echo "Status: $OPERATION_STATUS. Distribution not deployed yet. Sleeping additional 15s...."
                    sleep 15s
            fi
    done

echo "Deleting Cloudfront distribution..."
aws cloudfront delete-distribution  --id $DISTRIBUTION_ID --if-match $ETAG

Answer 4

imperalix的答案对我来说非常合适！让我添加两个更基本的命令，只是让一些新人（比如我）需要它：

1. 列出所有发行版。从哪里可以找到身份证。

$ aws cloudfront list-distributions

1. 删除分发。但正如提到的那样，禁用分发后需要一些时间。

$ aws cloudfront delete-distribution --id E123456 --if-match ETag123456

Answer 5

以下是用于自动禁用分发功能的整个脚本：

    id=E234343434

    tmpfile=$(mktemp /tmp/script.XXXXXX)
    tmpfile2=$(mktemp /tmp/script.XXXXXX)
    aws cloudfront get-distribution-config --id $id | \
       jq .DistributionConfig.Enabled=false > $tmpfile
    jq -r .DistributionConfig $tmpfile > $tmpfile2
    aws cloudfront update-distribution --id $id \
        --if-match $(jq .ETag $tmpfile -r) \
        --distribution-config file://$tmpfile2
    rm $tmpfile $tmpfile2

并删除：

aws cloudfront delete-distribution --id $id --if-match \
  $(aws cloudfront get-distribution-config --id $id | jq .ETag -r)

Answer 6

这是一个作为 bash 脚本捆绑在一起的解决方案，无需创建任何额外的临时文件。我的用例是针对 S3 静态站点，我想在其中禁用和删除静态站点的 Cloudfront 分发

#!/bin/bash

wait=true
# validate supported platforms
for param in "$@"
do
    if [[ "$param" == "--no-wait" ]]
    then
        wait=false
    fi
done

s3_static_site=somebucket.s3-website-us-west-2.amazonaws.com
existing_distro_json=$(aws cloudfront list-distributions --query "DistributionList.Items[?Origins.Items[0].DomainName=='$s3_static_site'] | [0]")
if [ "$existing_distro_json" == "null" ]
then
  echo "Cloudfront distribution for $s3_static_site was already deleted"
else
  distro_id=$(echo $existing_distro_json | jq -r '.Id')

  # Need another call to get the details as its required for the etag and for the full update
  existing_distro_details_json=$(aws cloudfront get-distribution --id $distro_id)

  is_distro_enabled=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig.Enabled')
  # Extract the ID and Etag used to select which record to delete
  distro_etag=$(echo $existing_distro_details_json | jq -r '.ETag')

  # Need to make a separate AWS CLI call because the etag does not appear in the list-distributions

  if [ $is_distro_enabled == true ]
  then
    # In the response I only want to select the "DistributionConfig" element raising it to the parent and then set 'Enabled' to false
    disabled_distro_json=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig | .Enabled = false')

    echo "Disabling Cloudfront distribution $distro_id"
    aws cloudfront update-distribution --id $distro_id --if-match $distro_etag --distribution-config "$disabled_distro_json"

    if [ $wait == true ]
    then
      echo "Waiting for Cloudfront distribution $distro_id to be disabled, this can take up to 15 minutes..."
      aws cloudfront wait distribution-deployed --id $distro_id
      # The etag is updated after disabling, re-read to get the new value
      distro_etag=$(aws cloudfront get-distribution --id $distro_id | jq -r '.ETag')
    else
      echo "Not waiting for distribution to be disabled, delete id $distro_id manually at https://console.aws.amazon.com/cloudfront/home#distributions:"
    fi
  fi

  if [[ $is_distro_enabled == false || ($is_distro_enabled == true && $wait == true) ]]
  then
    echo "Cloudfront distribution disabled, deleting"
    aws cloudfront delete-distribution --id $distro_id --if-match $distro_etag
  fi
fi