5

据我了解,禁用云端分发意味着更新其状态,并且必须能够将其删除。

鉴于 AWS CLI 的文档非常稀少,我正在寻找一个关于如何仅使用 CLI 进行更新的最小示例。

4

6 回答 6

14

虽然我不能为您提供一个最小的示例,但以下应该可以工作。您可以从发行版的存储库或http://stedolan.github.io/jq/manual/获取 jq 。

  1. 获取 Etag,第 3 步将需要它:

    $ aws cloudfront get-distribution-config --id E123456 | jq'。| .ETag'

获取当前配置:

  1. $ aws cloudfront get-distribution-config --id E123456 | jq'。| .DistributionConfig' > /tmp/disable-distribution-E123456

    修改 /tmp/disable-distribution-E123456,分发配置文件以禁用。

    相关部分:

    "DefaultRootObject": null,
"PriceClass": "PriceClass_All",
"Enabled": true,  <-- Set to false

更新分布:

  1. $ aws cloudfront update-distribution --id E123456 --if-match E3SVA578MZF6JZ --distribution-config file:///tmp/disable-distribution-E123456
于 2014-10-06T02:19:59.577 回答
6

奇怪的是,建议的解决方案对我不起作用。我不断得到

An error occurred (DistributionNotDisabled) when calling the DeleteDistribution operation: The distribution you are trying to delete has not been disabled.

打电话时aws cloudfront delete-distribution

问题似乎是您无法立即禁用分发aws cloudfront update-distribution,它的状态需要一段时间才能更新(参见 AWS 控制台,其中状态显示为“进行中”)。

总之,以下命令序列解决了我的问题:

aws cloudfront update-distribution
aws cloudfront wait distribution-deployed
aws cloudfront delete-distribution
于 2019-01-10T06:37:13.323 回答
2

这是自动禁用分发的完整脚本:

    id=E234343434

    tmpfile=$(mktemp /tmp/script.XXXXXX)
    tmpfile2=$(mktemp /tmp/script.XXXXXX)
    aws cloudfront get-distribution-config --id $id | \
       jq .DistributionConfig.Enabled=false > $tmpfile
    jq -r .DistributionConfig $tmpfile > $tmpfile2
    aws cloudfront update-distribution --id $id \
        --if-match $(jq .ETag $tmpfile -r) \
        --distribution-config file://$tmpfile2
    rm $tmpfile $tmpfile2

并删除:

aws cloudfront delete-distribution --id $id --if-match \
  $(aws cloudfront get-distribution-config --id $id | jq .ETag -r)
于 2019-05-28T23:20:26.433 回答
1

取消部署删除分发的完整示例。脚本等到分发被禁用,然后将其删除。这适用于 aws-cli/2.0.49。

 echo "Gettiuing cloudfront info"
    DISTRIBUTION_ID=$(cat ars/cloudfront-@@STACK_NAME-@@SERVICE_NAME.json | jq -r .Distribution.Id)   
aws cloudfront get-distribution-config --id $DISTRIBUTION_ID \
       | jq .DistributionConfig.Enabled=false > cloudfront.json
ETAG=$(cat cloudfront.json | jq -r .ETag)  

cat cloudfront.json | jq -r .DistributionConfig > distribution.json

echo "Updating cloudfront to disabled"
ETAG=$(aws cloudfront update-distribution  --id $DISTRIBUTION_ID --if-match $ETAG  --distribution-config file://./distribution.json | jq -r .ETag)

rm distribution.json
rm cloudfront.json

echo "Waiting to be undeployed..."
OPERATION_STATUS="PENDING"
    while [ $OPERATION_STATUS = "PENDING" ]
    do
            OPERATION_STATUS=$(aws cloudfront get-distribution --id  $DISTRIBUTION_ID  | jq -r .Distribution.Status)
            if [ $OPERATION_STATUS != "Deployed" ]
            then
            echo "Status: $OPERATION_STATUS. Distribution not deployed yet. Sleeping additional 15s...."
                    sleep 15s
            fi
    done

echo "Deleting Cloudfront distribution..."
aws cloudfront delete-distribution  --id $DISTRIBUTION_ID --if-match $ETAG
于 2020-09-21T20:57:39.763 回答
0

imperalix 的回答非常适合我!让我再添加两个基本命令,以防一些新来者(比如我)需要它:

  1. 列出所有分布。从哪里可以找到 id。
$ aws cloudfront list-distributions
  1. 删除分布。但正如前面提到的,禁用分发后需要一些时间。
$ aws cloudfront delete-distribution --id E123456 --if-match ETag123456
于 2017-07-14T01:25:28.897 回答
0

这是一个作为 bash 脚本捆绑在一起的解决方案,无需创建任何额外的临时文件。我的用例是一个 S3 静态站点,我想在其中禁用和删除静态站点的 Cloudfront 分发

#!/bin/bash

wait=true
# validate supported platforms
for param in "$@"
do
    if [[ "$param" == "--no-wait" ]]
    then
        wait=false
    fi
done

s3_static_site=somebucket.s3-website-us-west-2.amazonaws.com
existing_distro_json=$(aws cloudfront list-distributions --query "DistributionList.Items[?Origins.Items[0].DomainName=='$s3_static_site'] | [0]")
if [ "$existing_distro_json" == "null" ]
then
  echo "Cloudfront distribution for $s3_static_site was already deleted"
else
  distro_id=$(echo $existing_distro_json | jq -r '.Id')

  # Need another call to get the details as its required for the etag and for the full update
  existing_distro_details_json=$(aws cloudfront get-distribution --id $distro_id)

  is_distro_enabled=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig.Enabled')
  # Extract the ID and Etag used to select which record to delete
  distro_etag=$(echo $existing_distro_details_json | jq -r '.ETag')

  # Need to make a separate AWS CLI call because the etag does not appear in the list-distributions

  if [ $is_distro_enabled == true ]
  then
    # In the response I only want to select the "DistributionConfig" element raising it to the parent and then set 'Enabled' to false
    disabled_distro_json=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig | .Enabled = false')

    echo "Disabling Cloudfront distribution $distro_id"
    aws cloudfront update-distribution --id $distro_id --if-match $distro_etag --distribution-config "$disabled_distro_json"

    if [ $wait == true ]
    then
      echo "Waiting for Cloudfront distribution $distro_id to be disabled, this can take up to 15 minutes..."
      aws cloudfront wait distribution-deployed --id $distro_id
      # The etag is updated after disabling, re-read to get the new value
      distro_etag=$(aws cloudfront get-distribution --id $distro_id | jq -r '.ETag')
    else
      echo "Not waiting for distribution to be disabled, delete id $distro_id manually at https://console.aws.amazon.com/cloudfront/home#distributions:"
    fi
  fi

  if [[ $is_distro_enabled == false || ($is_distro_enabled == true && $wait == true) ]]
  then
    echo "Cloudfront distribution disabled, deleting"
    aws cloudfront delete-distribution --id $distro_id --if-match $distro_etag
  fi
fi
于 2021-03-26T06:03:25.107 回答