CODEWITHSUNDEEP
amazon-web-servicesamazon-cloudfrontaws-cli
Alexander Presber
Alexander Presber

Reputation: 6635

AWS CLI: disable distribution

As far as I have understood, disabling a cloudfront distribution means updating it's status and is necessary to be able to delete it.

Given the very sparse documentation of the AWS CLI, I am looking for a minimal example of how to do that update using just the CLI.

Upvotes: 6

Views: 9170

Answers (6)

phillipuniverse
phillipuniverse

Reputation: 2045

Here is a solution tied together as a bash script without creating any extra temporary files. My use case was for an S3 static site where I wanted to disable and delete the Cloudfront distribution for the static site

#!/bin/bash

wait=true
# validate supported platforms
for param in "$@"
do
    if [[ "$param" == "--no-wait" ]]
    then
        wait=false
    fi
done

s3_static_site=somebucket.s3-website-us-west-2.amazonaws.com
existing_distro_json=$(aws cloudfront list-distributions --query "DistributionList.Items[?Origins.Items[0].DomainName=='$s3_static_site'] | [0]")
if [ "$existing_distro_json" == "null" ]
then
  echo "Cloudfront distribution for $s3_static_site was already deleted"
else
  distro_id=$(echo $existing_distro_json | jq -r '.Id')

  # Need another call to get the details as its required for the etag and for the full update
  existing_distro_details_json=$(aws cloudfront get-distribution --id $distro_id)

  is_distro_enabled=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig.Enabled')
  # Extract the ID and Etag used to select which record to delete
  distro_etag=$(echo $existing_distro_details_json | jq -r '.ETag')

  # Need to make a separate AWS CLI call because the etag does not appear in the list-distributions

  if [ $is_distro_enabled == true ]
  then
    # In the response I only want to select the "DistributionConfig" element raising it to the parent and then set 'Enabled' to false
    disabled_distro_json=$(echo $existing_distro_details_json | jq -r '.Distribution.DistributionConfig | .Enabled = false')

    echo "Disabling Cloudfront distribution $distro_id"
    aws cloudfront update-distribution --id $distro_id --if-match $distro_etag --distribution-config "$disabled_distro_json"

    if [ $wait == true ]
    then
      echo "Waiting for Cloudfront distribution $distro_id to be disabled, this can take up to 15 minutes..."
      aws cloudfront wait distribution-deployed --id $distro_id
      # The etag is updated after disabling, re-read to get the new value
      distro_etag=$(aws cloudfront get-distribution --id $distro_id | jq -r '.ETag')
    else
      echo "Not waiting for distribution to be disabled, delete id $distro_id manually at https://console.aws.amazon.com/cloudfront/home#distributions:"
    fi
  fi

  if [[ $is_distro_enabled == false || ($is_distro_enabled == true && $wait == true) ]]
  then
    echo "Cloudfront distribution disabled, deleting"
    aws cloudfront delete-distribution --id $distro_id --if-match $distro_etag
  fi
fi

Upvotes: 0

Guillermo Gefaell
Guillermo Gefaell

Reputation: 377

A full example of undeploying an deleting a distribution. Script waits until distribution is disabled and then delets it. This is working with aws-cli/2.0.49.

 echo "Gettiuing cloudfront info"
    DISTRIBUTION_ID=$(cat ars/cloudfront-@@STACK_NAME-@@SERVICE_NAME.json | jq -r .Distribution.Id)   
aws cloudfront get-distribution-config --id $DISTRIBUTION_ID \
       | jq .DistributionConfig.Enabled=false > cloudfront.json
ETAG=$(cat cloudfront.json | jq -r .ETag)  

cat cloudfront.json | jq -r .DistributionConfig > distribution.json

echo "Updating cloudfront to disabled"
ETAG=$(aws cloudfront update-distribution  --id $DISTRIBUTION_ID --if-match $ETAG  --distribution-config file://./distribution.json | jq -r .ETag)

rm distribution.json
rm cloudfront.json

echo "Waiting to be undeployed..."
OPERATION_STATUS="PENDING"
    while [ $OPERATION_STATUS = "PENDING" ]
    do
            OPERATION_STATUS=$(aws cloudfront get-distribution --id  $DISTRIBUTION_ID  | jq -r .Distribution.Status)
            if [ $OPERATION_STATUS != "Deployed" ]
            then
            echo "Status: $OPERATION_STATUS. Distribution not deployed yet. Sleeping additional 15s...."
                    sleep 15s
            fi
    done

echo "Deleting Cloudfront distribution..."
aws cloudfront delete-distribution  --id $DISTRIBUTION_ID --if-match $ETAG

Upvotes: 1

romaninsh
romaninsh

Reputation: 10664

Here is entire script for disabling distribution automatically:

    id=E234343434

    tmpfile=$(mktemp /tmp/script.XXXXXX)
    tmpfile2=$(mktemp /tmp/script.XXXXXX)
    aws cloudfront get-distribution-config --id $id | \
       jq .DistributionConfig.Enabled=false > $tmpfile
    jq -r .DistributionConfig $tmpfile > $tmpfile2
    aws cloudfront update-distribution --id $id \
        --if-match $(jq .ETag $tmpfile -r) \
        --distribution-config file://$tmpfile2
    rm $tmpfile $tmpfile2

and to delete:

aws cloudfront delete-distribution --id $id --if-match \
  $(aws cloudfront get-distribution-config --id $id | jq .ETag -r)

Upvotes: 4

Jean Gauthier
Jean Gauthier

Reputation: 265

Oddly enough, the proposed solutions did not work for me. I kept getting

An error occurred (DistributionNotDisabled) when calling the DeleteDistribution operation: The distribution you are trying to delete has not been disabled.

when calling aws cloudfront delete-distribution.

The issue seems to be that you can't immediately disable the distribution with aws cloudfront update-distribution, its status taking a while to be updated (cf. the AWS Console, where the status is shown as 'In Progress').

In summary, the following sequence of commands solved my issue:

aws cloudfront update-distribution
aws cloudfront wait distribution-deployed
aws cloudfront delete-distribution

Upvotes: 7

hailong
hailong

Reputation: 1515

imperalix's answer works perfect for me! Let me add two more basic commands just incase some new comers (like me) need it:

  1. To list all the distributions. From where you can find the id.
$ aws cloudfront list-distributions
  1. To delete the distribution. But as it was mentioned, it takes some time after you disable the distribution.
$ aws cloudfront delete-distribution --id E123456 --if-match ETag123456

Upvotes: -1

imperalix
imperalix

Reputation: 3751

While I can't provide you a minimal example, the following should work. You can obtain jq from your distribution's repository or from http://stedolan.github.io/jq/manual/.

  1. Get the Etag, will need it for step 3:

    $ aws cloudfront get-distribution-config --id E123456 | jq '. | .ETag'

Get current config:

  1. $ aws cloudfront get-distribution-config --id E123456 | jq '. | .DistributionConfig' > /tmp/disable-distribution-E123456

    Modify /tmp/disable-distribution-E123456, distribution config file to disable.

    Relevant section:

    "DefaultRootObject": null,
"PriceClass": "PriceClass_All",
"Enabled": true,  <-- Set to false

Update Distribution:

  1. $ aws cloudfront update-distribution --id E123456 --if-match E3SVA578MZF6JZ --distribution-config file:///tmp/disable-distribution-E123456

Upvotes: 15

Related Questions