Set up push invalidation for AWS CloudFront
Push invalidation automatically purges content on the customer's production CDN (e.g. www.yourdomain.com), whenever an author publishes content changes.
Content is purged by URL and by cache tag/key.
Push invalidation is enabled by adding specific properties to the project's configuration (an Excel workbook named .helix/config.xlsx in SharePoint or a Google Sheet named .helix/config in Google Drive).
NB: CloudFront does NOT support purging by cache tag/key. Purge by cache tag/key always triggers a purge all.
Configuration properties:
key | value | comment |
cdn.prod.host | <Production Host> | Host name of production site, e.g. www.yourdomain.com |
cdn.prod.type | cloudfront | |
cdn.prod.distributionId | <Cloudfront Distribution ID> | |
cdn.prod.accessKeyId | <AWS Access key ID> | AWS credentials |
cdn.prod.secretAccessKey | <AWS Secret access key> | AWS credentials |
To create the AWS credentials:
In the AWS Console, open the IAM dashboard, then select Policies → Create policy:
In the following screen, select "CloudFront" as a service, and "CreateInvalidation" as action, then click "Add ARNs" to restrict the permissions to a single distribution.
Enter your Distribution Id and click on “Add ARNs”:
Proceed to “Next: Tags” and then “Next: Review”.
Enter a name for the new policy, e.g. “AEM<YourSite>Invalidate”, and click on “Create policy”:
In the IAM dashboard, select Users → Create user
Enter a user name (e.g. “Invalidator”) and click on Next:
On the “Set permissions” pane, select “Attach policies directly” and select the newly created policy (“AEM<YourSite>Invalidate” in our example):
Proceed to the next step, click on “Create user” and then “View user”:
Select the “Security credentials” tab and click on “Create access key”:
Select “Third-party service”, click the checkbox and proceed to “Next”:
Finally, copy the Access key ID and Secret access key values:
You can validate the credentials with this tool.