{CloudFront}チュートリアル: CloudFront Functions を使用した単純な関数の作成




https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/functions-tutorial.html

https://zenn.dev/yh1224/articles/xq2kvl7vv1ygl8c4z

https://dev.classmethod.jp/articles/amazon-cloudfront-functions-release/

 

-- 1. コマンド等のインストール

-- 1.1 aws cli version 2 インストール

# Download the AWS CLI v2 installer bundle from the official AWS endpoint.
# NOTE(review): the archive is unpacked and its installer is run as root
# without any integrity check. AWS publishes a detached PGP signature for
# this bundle; verify it with gpg before running the installer.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# Confirm which CLI version is now on PATH.
aws --version

 

-- 1.2 jqインストール
sudo yum -y install jq


-- 2. S3 バケットを作成する

aws s3 ls

aws s3 mb s3://bucket123


-- 3. パブリックアクセスブロック設定の編集

-- 3.1 アカウントレベル
# Turn off all four S3 Block Public Access settings at the account level.
# NOTE(review): this covers every bucket in account 999999999999, not only
# bucket123, so any bucket with a public ACL or policy becomes reachable
# while it is off. Keep the window short and restore the settings afterwards
# (the cleanup section of this page sets all four back to true). For anything
# beyond a throwaway test, keeping Block Public Access on and granting
# CloudFront access through origin access control avoids a public bucket.
aws s3control put-public-access-block \
--account-id 999999999999 \
--public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"

# Read the account-level settings back to confirm what is in effect.
aws s3control get-public-access-block \
--account-id 999999999999

-- 3.2 バケットレベル
# Turn off all four Block Public Access settings on bucket123 only, so that
# a public bucket policy can be attached to it.
aws s3api put-public-access-block \
--bucket bucket123 \
--public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"

# Read the bucket-level settings back to confirm what is in effect.
aws s3api get-public-access-block \
--bucket bucket123


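-- 4. バケットポリシーの設定

※ 下記のポリシーは Principal が "*"、aws:SourceIp が 0.0.0.0/0 のため、Condition による制限は実質的にかからず、すべての IPv4 アドレスに s3:GetObject を許可する(バケット内の全オブジェクトが公開される)。検証用の設定であり、公開してよいオブジェクトだけを置くこと。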

vim b.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket123/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        }
    ]
}

 

aws s3api put-bucket-policy \
--bucket bucket123 \
--policy file://b.json


aws s3api get-bucket-policy \
--bucket bucket123


-- 5. インデックスドキュメントの設定

vim index.html

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>My Website Home Page</title>
</head>
<body>
  <h1>Welcome to my website</h1>
  <p>Now hosted on Amazon S3!</p>
</body>
</html>

aws s3api put-object --bucket bucket123 --key index.html --body index.html --content-type text/html

 

-- 6. ディストリビューションの作成


aws cloudfront create-distribution \
--origin-domain-name bucket123.s3.ap-northeast-1.amazonaws.com \
--default-root-object index.html

 

aws cloudfront list-distributions

aws cloudfront get-distribution \
--id AAAAAAAAAAAAA

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA

 

 

-- 7. CloudFront Functionの作成

vim test.js

function handler(event) {
    // NOTE: This example function is for a viewer request event trigger. 
    // Choose viewer request for event trigger when you associate this function with a distribution. 
    var response = {
        statusCode: 302,
        statusDescription: 'Found',
        headers: {
            'cloudfront-functions': { value: 'generated-by-CloudFront-Functions' },
            'location': { value: 'https://aws.amazon.com/cloudfront/' }
        }
    };
    return response;
}


cat test.js | openssl base64 | xargs | sed 's/ //g'

 

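# Create the CloudFront Function from test.js.
# AWS CLI v2 reads the source straight from disk with fileb://, so no
# hand-pasted base64 blob is needed and the uploaded code is exactly the
# reviewed contents of test.js.
aws cloudfront create-function \
--name func01 \
--function-config '{
  "Comment": "func01",
  "Runtime": "cloudfront-js-1.0"
}' \
--function-code fileb://test.js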

 

aws cloudfront list-functions

aws cloudfront describe-function \
--name func01

aws cloudfront get-function \
--name func01 a.js

cat a.js

 

aws cloudfront publish-function \
--name func01 \
--if-match BBBBBBBBBBBBB

 

-- 8. CloudFront Functionをディストリビューションに関連付ける


aws cloudfront get-distribution \
--id AAAAAAAAAAAAA

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA


aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA | jq -r .DistributionConfig > distribution.json

vim distribution.json


DefaultCacheBehavior -> FunctionAssociations  を下記のように修正


            "FunctionAssociations": {
                "Quantity": 1,
                "Items": [
                    {
                        "FunctionARN": "arn:aws:cloudfront::999999999999:function/func01",
                        "EventType": "viewer-request"
                    }
                ]
            },


aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA | jq -r .ETag

aws cloudfront update-distribution \
--id AAAAAAAAAAAAA \
--if-match CCCCCCCCCCCCCC \
--distribution-config file://distribution.json

 

-- 9. 動作確認


curl -v -X GET http://xxxxxxxxxxxxxx.cloudfront.net/index.html

 

 


-- 10. クリーンアップ

 

-- ディストリビューションの無効化

aws cloudfront get-distribution \
--id AAAAAAAAAAAAA

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA


※ distribution.jsonはget-distribution-configコマンドのDistributionConfigから取得し、Enabledをfalseに変更する

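# Export the current DistributionConfig with only the distribution's own
# top-level Enabled flag switched to false. A line-based sed over the JSON
# would also flip any nested "Enabled": true setting (for example logging),
# silently changing more than the distribution state.
aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA | jq '.DistributionConfig | .Enabled = false' > distribution.json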

 

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA | jq -r .ETag

aws cloudfront update-distribution \
--id AAAAAAAAAAAAA \
--if-match DDDDDDDDDDDD \
--distribution-config file://distribution.json


※ if-matchにはETagの値をセット

無効化されるまで待つ


-- ディストリビューションの削除

aws cloudfront get-distribution \
--id AAAAAAAAAAAAA

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA

aws cloudfront get-distribution-config \
--id AAAAAAAAAAAAA | jq -r .ETag

aws cloudfront delete-distribution \
--id AAAAAAAAAAAAA \
--if-match EEEEEEEEEEEEEE

 

aws cloudfront list-distributions

 

-- CloudFront Functionの削除

aws cloudfront list-functions

aws cloudfront describe-function \
--name func01

aws cloudfront delete-function \
--name func01 \
--if-match BBBBBBBBBBBBB

 

-- バケットの削除
aws s3 ls

aws s3 rb s3://bucket123 --force


-- アカウントレベルのパブリックアクセスブロックの有効化

# Restore all four account-level Block Public Access settings to true.
# This reverses the relaxation made in step 3.1 for account 999999999999.
aws s3control put-public-access-block \
--account-id 999999999999 \
--public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# Read the settings back and check that every value is true before finishing.
aws s3control get-public-access-block \
--account-id 999999999999