Skip to content

New action: aws_cloudfront_create_invalidation #43955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
Sep 17, 2025
Merged

New action: aws_cloudfront_create_invalidation #43955

merged 20 commits into from
Sep 17, 2025

Conversation

@YakDriver
Copy link
Member

@YakDriver YakDriver commented Aug 19, 2025
edited
Loading

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Description

Since these actions may be merged in bulk, extra checklist to help:

  • Rebase on Actions plumbing #43669 after it's updated, deconflicted
  • Changelog
  • PR description
  • Action file
  • Test file with terraform_data trigger
  • Test results in PR
  • website/docs/actions/ file
  • Warning at top of website docs
  • Update warning on top of website docs
  • Service package registration
  • Update code for simplified actions
  • Use region pattern (framework.WithRegionModel) (N/A, global resource)
  • Add 1.14 skips for tests
  • Add authorization skip
  • Rerun all tests after final rebase

This PR introduces a new Terraform action that allows users to invalidate a CloudFront distribution cache for specified paths. The action creates an invalidation request via the AWS CloudFront API and waits for it to complete, providing real-time progress updates throughout the process. Users can specify individual files, directory wildcards, or invalidate all cached content, with configurable timeouts and optional caller references for tracking.

The action is designed for common CI/CD workflows where cache invalidation is needed after deploying updated static assets. It integrates seamlessly with terraform_data lifecycle triggers, enabling automatic cache invalidation during infrastructure updates. The implementation includes comprehensive validation, error handling for CloudFront-specific scenarios (like too many concurrent invalidations), and follows the established AWS provider patterns for actions with proper documentation and acceptance tests.

resource "aws_cloudfront_distribution" "example" {
  # ... distribution configuration
}

action "aws_cloudfront_create_invalidation" "example" {
  config {
    distribution_id = aws_cloudfront_distribution.example.id
    paths           = ["/*"]
  }
}

resource "terraform_data" "example" {
  input = "trigger-invalidation"

  lifecycle {
    action_trigger {
      events  = [before_create, before_update]
      actions = [action.aws_cloudfront_create_invalidation.example]
    }
  }
}

Relations

References

Output from Acceptance Testing

% make t T=TestAccCloudFrontCreateInvalidationAction_basic K=cloudfront
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.24.6 test ./internal/service/cloudfront/... -v -count 1 -parallel 20 -run='TestAccCloudFrontCreateInvalidationAction_basic'  -timeout 360m -vet=off
2025/08/19 16:25:11 Creating Terraform AWS Provider (SDKv2-style)...
2025/08/19 16:25:11 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccCloudFrontCreateInvalidationAction_basic
=== PAUSE TestAccCloudFrontCreateInvalidationAction_basic
=== CONT  TestAccCloudFrontCreateInvalidationAction_basic
--- PASS: TestAccCloudFrontCreateInvalidationAction_basic (541.27s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudfront	549.580s

@YakDriver YakDriver requested a review from a team as a code owner August 19, 2025 20:17
@github-actions
Copy link
Contributor

github-actions bot commented Aug 19, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/cloudfront Issues and PRs that pertain to the cloudfront service. provider Pertains to the provider itself, rather than any interaction with AWS. client-connections Pertains to the AWS Client and service connections. generators Relates to code generators. size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. labels Aug 19, 2025
@YakDriver YakDriver mentioned this pull request Aug 19, 2025
Merged
14 tasks
@YakDriver YakDriver changed the title New action: aws_cloudfront_create_invalidation New action: aws_cloudfront_create_invalidation Aug 20, 2025
@YakDriver YakDriver marked this pull request as draft August 20, 2025 14:49
@YakDriver YakDriver mentioned this pull request Aug 20, 2025
Merged
14 tasks
This was referenced Sep 10, 2025
Merged
Merged
Merged
@YakDriver YakDriver force-pushed the f-cloudfront-invalidate-cache-action branch from b1b9d8b to 1c43cb1 Compare September 16, 2025 22:27
@YakDriver
Copy link
Member Author

YakDriver commented Sep 16, 2025

Test account permissions have been updated so that I can no longer test this action...

@github-actions github-actions bot added the linter Pertains to changes to or issues with the various linters. label Sep 17, 2025
@github-actions github-actions bot added the repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. label Sep 17, 2025
@YakDriver YakDriver marked this pull request as ready for review September 17, 2025 15:25
@YakDriver
Copy link
Member Author

YakDriver commented Sep 17, 2025

And, I have permission again. After all the rebases:

% make t T=TestAccCloudFrontCreateInvalidationAction_basic K=cloudfront
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-cloudfront-invalidate-cache-action 🌿...
TF_ACC=1 go1.24.6 test ./internal/service/cloudfront/... -v -count 1 -parallel 20 -run='TestAccCloudFrontCreateInvalidationAction_basic'  -timeout 360m -vet=off
2025/09/17 11:18:06 Creating Terraform AWS Provider (SDKv2-style)...
2025/09/17 11:18:06 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccCloudFrontCreateInvalidationAction_basic
=== PAUSE TestAccCloudFrontCreateInvalidationAction_basic
=== CONT  TestAccCloudFrontCreateInvalidationAction_basic
--- PASS: TestAccCloudFrontCreateInvalidationAction_basic (488.95s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudfront	494.414s

jar-b
jar-b previously approved these changes Sep 17, 2025
View reviewed changes
Copy link
Member

@jar-b jar-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🎉

% TF_ACC_TERRAFORM_PATH=/Users/jaredbaker/go/bin/terraform make t K=cloudfront T=TestAccCloudFrontCreateInvalidationAction_basic
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-cloudfront-invalidate-cache-action 🌿...
TF_ACC=1 go1.24.6 test ./internal/service/cloudfront/... -v -count 1 -parallel 20 -run='TestAccCloudFrontCreateInvalidationAction_basic'  -timeout 360m -vet=off
2025/09/17 13:34:36 Creating Terraform AWS Provider (SDKv2-style)...
2025/09/17 13:34:36 Initializing Terraform AWS Provider (SDKv2-style)...

--- PASS: TestAccCloudFrontCreateInvalidationAction_basic (454.63s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/cloudfront 461.275s

internal/service/cloudfront/create_invalidation_action.go
Comment on lines +124 to +130
if !regexache.MustCompile(`^(/.*|\*)$`).MatchString(path) {
resp.Diagnostics.AddError(
"Invalid Path Format",
fmt.Sprintf("Path '%s' must start with '/' or be '*' for all files", path),
)
return
}
Copy link
Member

@jar-b jar-b Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker, but may be nice to write a custom type to handle this validation in the future.

@YakDriver YakDriver merged commit 2604401 into main Sep 17, 2025
72 checks passed
@YakDriver YakDriver deleted the f-cloudfront-invalidate-cache-action branch September 17, 2025 19:08
@github-actions
Copy link
Contributor

github-actions bot commented Sep 17, 2025

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot added this to the v6.14.0 milestone Sep 17, 2025
This was referenced Sep 18, 2025
Merged
Merged
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Sep 18, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 18, 2025

This functionality has been released in v6.14.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

This was referenced Sep 25, 2025
Merged
Merged
Merged
Merged
Merged
@github-actions
Copy link
Contributor

github-actions bot commented Oct 19, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 19, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jar-b jar-b jar-b approved these changes

Assignees

No one assigned

Labels

client-connections Pertains to the AWS Client and service connections. documentation Introduces or discusses updates to documentation. generators Relates to code generators. linter Pertains to changes to or issues with the various linters. provider Pertains to the provider itself, rather than any interaction with AWS. repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. service/cloudfront Issues and PRs that pertain to the cloudfront service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.

Projects

None yet

Milestone

v6.14.0

Development

Successfully merging this pull request may close these issues.

2 participants

@YakDriver @jar-b