CODEWITHSUNDEEP
amazon-web-services
pavankumar
pavankumar

Reputation: 41

How to fix aws-cli cloudfront update distribution command?

I have been trying to execute below command but it resulted in an error

aws cloudfront update-distribution --id E29BDBENPXM1VE \ 
--Origins '{ "Items": [{
                    "OriginPath": "", 
                    "CustomOriginConfig": {
                        "OriginSslProtocols": {
                            "Items": [
                                "TLSv1", 
                                "TLSv1.1", 
                                "TLSv1.2"
                            ], 
                            "Quantity": 3
                        }
                    }
                }
            ]
        }'

ERROR::: Unknown options: { "Items": [{ "OriginPath": "", "CustomOriginConfig": { "OriginSslProtocols": { "Items": [ "TLSv1", "TLSv1.1", "TLSv1.2" ], "Quantity": 3 } } } ] }, --Origins

I have to remove cloudfront : OriginSslProtocols:SSLv3 

aws cloudfront update-distribution --id E29BDBENPXM1VE \ 
--Origins '{ "Items": [{
                    "OriginPath": "", 
                    "CustomOriginConfig": {
                        "OriginSslProtocols": {
                            "Items": [
                                "TLSv1", 
                                "TLSv1.1", 
                                "TLSv1.2"
                            ], 
                            "Quantity": 3
                        }
                    }
                }
            ]
        }'

1) How to fix above code,if not possible if there any command other than below command to disable/remove OriginSslProtocols:SSLv3 

aws cloudfront update-distribution --id E29BDBENPXM1VE --distribution-config  file://secure-ssl.json --if-match E35YV3CGILXQDJ

Upvotes: 1

Views: 3174

Answers (1)

Martin Löper
Martin Löper

Reputation: 6649

You are using the right command and it should be possible to do what you want.
However, it is slightly more complicated.

The corresponding reference page for the cli command aws cloudfront update-distribution says:

When you update a distribution, there are more required fields than when you create a distribution.

That is why you must follow the steps which are given in the cli reference [1]:

  • Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution.
  • Update the XML document that was returned in the response to your GetDistributionConfig request to include your changes.
  • Submit an UpdateDistribution request to update the configuration for your distribution:
    • In the request body, include the XML document that you updated in Step 2. The request body must include an XML document with a DistributionConfig element.
    • Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GetDistributionConfig request in Step 1.
  • Review the response to the UpdateDistribution request to confirm that the configuration was successfully updated.
  • Optional: Submit a GetDistribution request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed .

Fore info about the correct xml format is given in the CloudFront API Reference [2].

References

[1] https://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html
[2] https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html

Upvotes: 2

Related Questions