A simple ansible module for making Cloudfront invalidation requests

Posted on 11/14/2016 by Brian Carey

Hello all and welcome to the KISS IT blog!  Today I bring you a relatively short post announcing a new Ansible module I developed due to the functionality not already existing in the core or extras Ansible modules.  I was recently asked to build a deployment task that included updating files in an S3 bucket that are then served via a CloudFront distribution for CDN functionality.  Updating the files in S3 using Ansible was trivial but then I realized that Ansible provided no functionality to clear the caches for the files in question.  I decided to use this as an opportunity to create my first module for Ansible knowing that what I needed a very straightforward task.

The module is named cloudfront_invalidate and can be found on our Github account: https://github.com/kissit/ansible-cloudfront-invalidate

Overview

Since this was the first time creating a module I reviewed the Ansible developer docs to familiarize myself with their recommendations.  Then, knowing that the existing EC2 related modules provided similar functionality in terms of connecting to the AWS API via Boto I started with an existing module as a guide and changed to suit.  As I said I knew that what I needed to accomplish was simple so it didn't take much, even for a non Python developer such as myself.

Requirements

If you already have Ansible up and running and use it in some fashion for managing your AWS resources you would already have everything you need.  If you don't have this, you need to have ansible installed as well as python-boto.  Additionally you need to configure your AWS API credentials in your environment as follows.  More details can also be found here.

export AWS_SECRET_ACCESS_KEY=<your_aws_secret_access_key>
export AWS_ACCESS_KEY_ID=<your_aws_access_key_id>

Installing

In order to install the module you need to either clone or download the github repo.  Then you need to place the cloudfront_invalidate.py file within your ansible module path.  One option for this would be to place it in a folder named library in the root of your ansible project where your main playbooks are.

Usage

Once you've placed the module file where Ansible can find it, you can use it just like any other module.  There are only two options accepted by the module, they are:

  • distribution_id: Your CloudFront distribution ID where you want to clear the cache
  • path: A path to clear.  This should be passed in the same as you would via the AWS web console when clearing cache.

Here is an example making a single request to clear a wildcard path.

- name: "Invalidate a single path"
  cloudfront_invalidate: 
    distribution_id: YOUR_CLOUDFRONT_DIST_ID
    path: "/js/*"

Here is another example showing how you can make multiple requests using a with_items section.

- name: "Invalidate multiple paths"
  cloudfront_invalidate: 
    distribution_id: YOUR_CLOUDFRONT_DIST_ID
    path: "{{ item }}"
  with_items:
    - "/js/*"
    - "/images/*"

Conclusion

That's all there is to it.  Hopefully someone else out there will find this module useful.  Thanks again for taking the time to review our work and as always, please don't hesitate to contact us with any questions or comments regarding this post.