salt.modules.boto_cloudfront

Connection module for Amazon CloudFront

New in version 2018.3.0.

depends

boto3

configuration

This module accepts explicit AWS credentials but can also utilize IAM roles assigned to the instance through Instance Profiles or it can read them from the ~/.aws/credentials file or from these environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
    iam-roles-for-amazon-ec2.html

http://boto3.readthedocs.io/en/latest/guide/
    configuration.html#guide-configuration

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

cloudfront.keyid: GKTADJGHEIQSXMKKRBJ08H
cloudfront.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

cloudfront.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1
salt.modules.boto_cloudfront.cloud_front_origin_access_identity_exists(Id, region=None, key=None, keyid=None, profile=None)

Return True if a CloudFront origin access identity exists with the given Resource ID or False otherwise.

Id

Resource ID of the CloudFront origin access identity.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.cloud_front_origin_access_identity_exists Id=E30RBTSABCDEF0
salt.modules.boto_cloudfront.create_cloud_front_origin_access_identity(region=None, key=None, keyid=None, profile=None, **kwargs)

Create a CloudFront origin access identity with the provided configuration details.

CloudFrontOriginAccessIdentityConfig

The origin access identity's configuration information.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.create_cloud_front_origin_access_identity                 CloudFrontOriginAccessIdentityConfig='{
            "CallerReference": "28deef17-cc47-4169-b1a2-eff30c997bf0",
            "Comment": "CloudFront origin access identity for SPA"
        }'
salt.modules.boto_cloudfront.create_distribution(name, config, tags=None, region=None, key=None, keyid=None, profile=None)

Create a CloudFront distribution with the given name, config, and (optionally) tags.

name

Name for the CloudFront distribution

config

Configuration for the distribution

tags

Tags to associate with the distribution

region

Region to connect to

key

Secret key to use

keyid

Access key to use

profile

A dict with region, key, and keyid, or a pillar key (string) that contains such a dict.

CLI Example:

salt myminion boto_cloudfront.create_distribution name=mydistribution profile=awsprofile             config='{"Comment":"partial configuration","Enabled":true}'
salt.modules.boto_cloudfront.create_distribution_v2(region=None, key=None, keyid=None, profile=None, **kwargs)

Create a CloudFront distribution with the provided configuration details. A LOT of fields are required in DistributionConfig to make up a valid creation request. Details can be found at __: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview-required-fields.html and __: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudfront.html#CloudFront.Client.create_distribution

DistributionConfig

The distribution's configuration information.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

# Note that, minus the Aliases section, this is pretty close to the minimal config I've
# found which AWS will accept for a create_distribution() call...
salt myminion boto_cloudfront.create_distribution_v2 DistributionConfig='{
    "CallerReference": "28deef17-cc47-4169-b1a2-eff30c997bf0",
    "Aliases": {
        "Items": [
            "spa-dev.saltstack.org"
        ],
        "Quantity": 1
    },
    "Comment": "CloudFront distribution for SPA",
    "DefaultCacheBehavior": {
        "AllowedMethods": {
            "CachedMethods": {
                "Items": [
                    "HEAD",
                    "GET"
                ],
                "Quantity": 2
            },
            "Items": [
                "HEAD",
                "GET"
            ],
            "Quantity": 2
        },
        "Compress": false,
        "DefaultTTL": 86400,
        "FieldLevelEncryptionId": "",
        "ForwardedValues": {
            "Cookies": {
                "Forward": "none"
            },
            "Headers": {
                "Quantity": 0
            },
            "QueryString": false,
            "QueryStringCacheKeys": {
                "Quantity": 0
            }
        },
        "LambdaFunctionAssociations": {
            "Quantity": 0
        },
        "MaxTTL": 31536000,
        "MinTTL": 0,
        "SmoothStreaming": false,
        "TargetOriginId": "saltstack-spa-cf-dist",
        "TrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "ViewerProtocolPolicy": "allow-all"
    },
    "DefaultRootObject": "",
    "Enabled": true,
    "HttpVersion": "http2",
    "IsIPV6Enabled": true,
    "Logging": {
        "Bucket": "",
        "Enabled": false,
        "IncludeCookies": false,
        "Prefix": ""
    },
    "Origins": {
        "Items": [
            {
                "CustomHeaders": {
                    "Quantity": 0
                },
                "DomainName": "saltstack-spa-dist.s3.amazonaws.com",
                "Id": "saltstack-spa-dist",
                "OriginPath": "",
                "S3OriginConfig": {
                    "OriginAccessIdentity": "origin-access-identity/cloudfront/EABCDEF1234567"
                }
            }
        ],
        "Quantity": 1
    },
    "PriceClass": "PriceClass_All",
    "ViewerCertificate": {
        "CertificateSource": "cloudfront",
        "CloudFrontDefaultCertificate": true,
        "MinimumProtocolVersion": "TLSv1"
    },
    "WebACLId": ""
}'
salt.modules.boto_cloudfront.delete_cloud_front_origin_access_identity(region=None, key=None, keyid=None, profile=None, **kwargs)

Delete a CloudFront origin access identity.

Id

Id of the origin access identity to delete.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.delete_origin_access_identity Id=E30RBTSABCDEF0
salt.modules.boto_cloudfront.delete_distribution(region=None, key=None, keyid=None, profile=None, **kwargs)

Delete a CloudFront distribution.

Id

Id of the distribution to delete.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.delete_distribution Id=E24RBTSABCDEF0
salt.modules.boto_cloudfront.disable_distribution(region=None, key=None, keyid=None, profile=None, **kwargs)

Set a CloudFront distribution to be disabled.

Id

Id of the distribution to update.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.disable_distribution Id=E24RBTSABCDEF0
salt.modules.boto_cloudfront.distribution_exists(Id, region=None, key=None, keyid=None, profile=None)

Return True if a CloudFront distribution exists with the given Resource ID or False otherwise.

Id

Resource ID of the CloudFront distribution.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.distribution_exists Id=E24RBTSABCDEF0
salt.modules.boto_cloudfront.enforce_tags(Resource, Tags, region=None, key=None, keyid=None, profile=None)

Enforce a given set of tags on a CloudFront resource: adding, removing, or changing them as necessary to ensure the resource's tags are exactly and only those specified.

Resource

The ARN of the affected CloudFront resource.

Tags

Dict of {'Tag': 'Value', ...} providing the tags to be enforced.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.enforce_tags Tags='{Owner: Infra, Role: salt_master}' \
        Resource='arn:aws:cloudfront::012345678012:distribution/ETLNABCDEF123'
salt.modules.boto_cloudfront.export_distributions(region=None, key=None, keyid=None, profile=None)

Get details of all CloudFront distributions. Produces results that can be used to create an SLS file.

CLI Example:

salt-call boto_cloudfront.export_distributions --out=txt |            sed "s/local: //" > cloudfront_distributions.sls
salt.modules.boto_cloudfront.get_cloud_front_origin_access_identities_by_comment(Comment, region=None, key=None, keyid=None, profile=None)

Find and return any CloudFront Origin Access Identities which happen to have a Comment sub-field either exactly matching the given Comment, or beginning with it AND with the remainder separate by a colon.

Comment

The string to be matched when searching for the given Origin Access Identity. Note that this will be matched against both the exact value of the Comment sub-field, AND as a colon-separated initial value for the same Comment sub-field. E.g. given a passed Comment value of foobar, this would match a Origin Access Identity with EITHER a Comment sub-field of exactly foobar, OR a Comment sub-field beginning with foobar:. The intention here is to permit using the Comment field for storing actual comments, in addition to overloading it to store Salt's Name attribute.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_cloud_front_origin_access_identities_by_comment 'Comment=foobar'
salt myminion boto_cloudfront.get_cloud_front_origin_access_identities_by_comment 'Comment=foobar:Plus a real comment'
salt.modules.boto_cloudfront.get_cloud_front_origin_access_identity(region=None, key=None, keyid=None, profile=None, **kwargs)

Get information about a CloudFront origin access identity given its Resource ID.

Id

Resource ID of the CloudFront origin access identity.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_origin_access_identity Id=E30ABCDEF12345
salt.modules.boto_cloudfront.get_cloud_front_origin_access_identity_config(region=None, key=None, keyid=None, profile=None, **kwargs)

Get config information about a CloudFront origin access identity given its Resource ID.

Id

Resource ID of the CloudFront origin access identity.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_cloud_front_origin_access_identity_config Id=E30ABCDEF12345
salt.modules.boto_cloudfront.get_distribution(name, region=None, key=None, keyid=None, profile=None)

Get information about a CloudFront distribution (configuration, tags) with a given name.

name

Name of the CloudFront distribution

region

Region to connect to

key

Secret key to use

keyid

Access key to use

profile

A dict with region, key, and keyid, or a pillar key (string) that contains such a dict.

CLI Example:

salt myminion boto_cloudfront.get_distribution name=mydistribution profile=awsprofile
salt.modules.boto_cloudfront.get_distribution_config(region=None, key=None, keyid=None, profile=None, **kwargs)

Get config information about a CloudFront distribution given its Resource ID.

Id

Resource ID of the CloudFront distribution.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_distribution_config Id=E24RBTSABCDEF0
salt.modules.boto_cloudfront.get_distribution_v2(region=None, key=None, keyid=None, profile=None, **kwargs)

Get information about a CloudFront distribution given its Resource ID.

Id

Resource ID of the CloudFront distribution.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_distribution_v2 Id=E24RBTSABCDEF0
salt.modules.boto_cloudfront.get_distributions_by_comment(Comment, region=None, key=None, keyid=None, profile=None)

Find and return any CloudFront distributions which happen to have a Comment sub-field either exactly matching the given Comment, or beginning with it AND with the remainder separated by a colon.

Comment

The string to be matched when searching for the given Distribution. Note that this will be matched against both the exact value of the Comment sub-field, AND as a colon-separated initial value for the same Comment sub-field. E.g. given a passed Comment value of foobar, this would match a distribution with EITHER a Comment sub-field of exactly foobar, OR a Comment sub-field beginning with foobar:. The intention here is to permit using the Comment field for storing actual comments, in addition to overloading it to store Salt's Name attribute.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.get_distributions_by_comment 'Comment=foobar'
salt myminion boto_cloudfront.get_distributions_by_comment 'Comment=foobar:Plus a real comment'
salt.modules.boto_cloudfront.list_cloud_front_origin_access_identities(region=None, key=None, keyid=None, profile=None)

List, with moderate information, all CloudFront origin access identities in the bound account.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.list_cloud_front_origin_access_identities
salt.modules.boto_cloudfront.list_distributions(region=None, key=None, keyid=None, profile=None)

List, with moderate information, all CloudFront distributions in the bound account.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.list_distributions
salt.modules.boto_cloudfront.list_tags_for_resource(region=None, key=None, keyid=None, profile=None, **kwargs)

List tags attached to a CloudFront resource.

Resource

The ARN of the affected CloudFront resource.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.list_tags_for_resource Resource='arn:aws:cloudfront::012345678012:distribution/ETLNABCDEF123'
salt.modules.boto_cloudfront.tag_resource(region=None, key=None, keyid=None, profile=None, **kwargs)

Add tags to a CloudFront resource.

Resource

The ARN of the affected CloudFront resource.

Tags

Dict of {'Tag': 'Value', ...} providing the tags to be set.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.tag_resource Tags='{Owner: Infra, Role: salt_master}' \
        Resource='arn:aws:cloudfront::012345678012:distribution/ETLNABCDEF123'
salt.modules.boto_cloudfront.untag_resource(region=None, key=None, keyid=None, profile=None, **kwargs)

Remove tags from a CloudFront resource.

Resource

The ARN of the affected CloudFront resource.

TagKeys

List of Tag keys providing the tags to be removed.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.untag_resource TagKeys='[Owner, Role]' \
        Resource='arn:aws:cloudfront::012345678012:distribution/ETLNABCDEF123'
salt.modules.boto_cloudfront.update_cloud_front_origin_access_identity(region=None, key=None, keyid=None, profile=None, **kwargs)

Update a CloudFront origin access identity with the provided configuration details.

CloudFrontOriginAccessIdentityConfig

The origin access identity's configuration information.

Id

Id of the origin access identity to update.

IfMatch

The value of the ETag header from a previous get_cloud_front_origin_access_identity() call. Optional, but highly recommended to use this, to avoid update conflicts. If this value doesn't match the current ETag of the resource (in other words, if the resource was changed since you last fetched its config), the update will be refused.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

salt myminion boto_cloudfront.update_cloud_front_origin_access_identity Id=ET123456789AB \
        IfMatch=E2QWRUHABCDEF0 CloudFrontOriginAccessIdentityConfig='{
            "CallerReference": "28deef17-cc47-4169-b1a2-eff30c997bf0",
            "Comment": "CloudFront origin access identity for SPA"
        }'
salt.modules.boto_cloudfront.update_distribution(name, config, tags=None, region=None, key=None, keyid=None, profile=None)

Update the config (and optionally tags) for the CloudFront distribution with the given name.

name

Name of the CloudFront distribution

config

Configuration for the distribution

tags

Tags to associate with the distribution

region

Region to connect to

key

Secret key to use

keyid

Access key to use

profile

A dict with region, key, and keyid, or a pillar key (string) that contains such a dict.

CLI Example:

salt myminion boto_cloudfront.update_distribution name=mydistribution profile=awsprofile             config='{"Comment":"partial configuration","Enabled":true}'
salt.modules.boto_cloudfront.update_distribution_v2(region=None, key=None, keyid=None, profile=None, **kwargs)

Update a CloudFront distribution with the provided configuration details. A LOT of fields are required in DistributionConfig to make up a valid update request. Details can be found at __: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-overview-required-fields.html and __: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudfront.html#CloudFront.Client.update_distribution

DistributionConfig

The distribution's configuration information.

Id

Id of the distribution to update.

IfMatch

The value of the ETag header from a previous get_distribution_v2() call. Optional, but highly recommended to use this, to avoid update conflicts. If this value doesn't match the current ETag of the resource (in other words, if the resource was changed since you last fetched its config), the update will be refused.

region

Region to connect to.

key

Secret key to use.

keyid

Access key to use.

profile

Dict, or pillar key pointing to a dict, containing AWS region/key/keyid.

CLI Example:

# Note that, minus the Aliases section, this is pretty close to the minimal config I've
# found which AWS will accept for a update_distribution() call...
salt myminion boto_cloudfront.update_distribution_v2 Id=ET123456789AB IfMatch=E2QWRUHABCDEF0 DistributionConfig='{
    "CallerReference": "28deef17-cc47-4169-b1a2-eff30c997bf0",
    "Aliases": {
        "Items": [
            "spa-dev.saltstack.org"
        ],
        "Quantity": 1
    },
    "Comment": "CloudFront distribution for SPA",
    "DefaultCacheBehavior": {
        "AllowedMethods": {
            "CachedMethods": {
                "Items": [
                    "HEAD",
                    "GET"
                ],
                "Quantity": 2
            },
            "Items": [
                "HEAD",
                "GET"
            ],
            "Quantity": 2
        },
        "Compress": false,
        "DefaultTTL": 86400,
        "FieldLevelEncryptionId": "",
        "ForwardedValues": {
            "Cookies": {
                "Forward": "none"
            },
            "Headers": {
                "Quantity": 0
            },
            "QueryString": false,
            "QueryStringCacheKeys": {
                "Quantity": 0
            }
        },
        "LambdaFunctionAssociations": {
            "Quantity": 0
        },
        "MaxTTL": 31536000,
        "MinTTL": 0,
        "SmoothStreaming": false,
        "TargetOriginId": "saltstack-spa-cf-dist",
        "TrustedSigners": {
            "Enabled": false,
            "Quantity": 0
        },
        "ViewerProtocolPolicy": "allow-all"
    },
    "DefaultRootObject": "",
    "Enabled": true,
    "HttpVersion": "http2",
    "IsIPV6Enabled": true,
    "Logging": {
        "Bucket": "",
        "Enabled": false,
        "IncludeCookies": false,
        "Prefix": ""
    },
    "Origins": {
        "Items": [
            {
                "CustomHeaders": {
                    "Quantity": 0
                },
                "DomainName": "saltstack-spa-dist.s3.amazonaws.com",
                "Id": "saltstack-spa-dist",
                "OriginPath": "",
                "S3OriginConfig": {
                    "OriginAccessIdentity": "origin-access-identity/cloudfront/EABCDEF1234567"
                }
            }
        ],
        "Quantity": 1
    },
    "PriceClass": "PriceClass_All",
    "ViewerCertificate": {
        "CertificateSource": "cloudfront",
        "CloudFrontDefaultCertificate": true,
        "MinimumProtocolVersion": "TLSv1"
    },
    "WebACLId": ""
}'