
30 April, 2020

Access Denied when calling the CreateInvalidation operation on AWS CLI.

If you are getting Access Denied when calling the CreateInvalidation operation from the AWS CLI, it must be a permission issue for that IAM user.

In this post, I am using a Jenkins pipeline to build and push the artifacts to S3. I am using CloudFront as the Content Delivery Network (CDN) and hosting my website in Route 53.

When I try to invalidate the CloudFront distribution cache from the CLI, I get the error below. I thought some screenshots would give more visibility, so I added them below.

Error Log:-

A client error (AccessDenied) occurred when calling the CreateInvalidation operation: User: arn:aws:iam::xxxxxxxxxxx:user/yyyy is not authorized to perform: cloudfront:


The commands I am using from the AWS CLI:

aws configure set preview.cloudfront true
aws cloudfront create-invalidation --distribution-id UJH89JKKMOVY340 --paths "/*"    



Resolution:-

Add the "CreateInvalidation" permission to that user. The steps to add the permission are:


  • Go to Identity and Access Management (IAM).
  • Go to Users and find your username; for me it's "Jenkins".
  • Then choose "Add inline policy".

  • Now add the policy below in the JSON policy editor.

Policy JSON:-


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditoro",
            "Effect": "Allow",
            "Action": "cloudfront:CreateInvalidation",
            "Resource": "arn:aws:cloudfront::17088938460999:distribution/UJH89JKKMOVY340"
        }
    ]
}
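
The same grant can be scripted with the AWS CLI instead of the console. This is an added example, not part of the original post: the helper names `build_policy` and `grant_and_verify` and the policy name are hypothetical, and it assumes the caller is allowed `iam:PutUserPolicy` and `iam:SimulatePrincipalPolicy`. Pass your own 12-digit account ID and distribution ID.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the inline policy for one distribution; refuse malformed IDs.
build_policy() (
  account_id=$1 dist_id=$2
  # AWS account IDs are exactly 12 digits.
  case $account_id in
    ''|*[!0-9]*) echo "account id must be 12 digits" >&2; exit 1 ;;
  esac
  [ "${#account_id}" -eq 12 ] || { echo "account id must be 12 digits" >&2; exit 1; }
  # Assumption: distribution IDs are upper-case alphanumerics. This also
  # rejects '*', so the policy can never widen to every distribution.
  case $dist_id in
    ''|*[!A-Z0-9]*) echo "unexpected distribution id" >&2; exit 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InvalidateOneDistribution",
      "Effect": "Allow",
      "Action": "cloudfront:CreateInvalidation",
      "Resource": "arn:aws:cloudfront::${account_id}:distribution/${dist_id}"
    }
  ]
}
EOF
)

# Attach the policy to the IAM user, then ask IAM to evaluate the call.
# Prints "allowed" once the grant is effective.
grant_and_verify() (
  user=$1 account_id=$2 dist_id=$3
  policy=$(build_policy "$account_id" "$dist_id") || exit 1
  aws iam put-user-policy --user-name "$user" \
    --policy-name "cloudfront-invalidate-${dist_id}" \
    --policy-document "$policy" || exit 1
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::${account_id}:user/${user}" \
    --action-names cloudfront:CreateInvalidation \
    --resource-arns "arn:aws:cloudfront::${account_id}:distribution/${dist_id}" \
    --query 'EvaluationResults[0].EvalDecision' --output text
)

# Usage: sh grant.sh IAM_USER ACCOUNT_ID DISTRIBUTION_ID
if [ "$#" -eq 3 ]; then grant_and_verify "$@"; fi
```

Because the ID checks run before anything is sent to IAM, a wildcard or mistyped account ID fails locally rather than producing a policy that never matches the distribution.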


Now, it's working fine. I can see the Jenkins logs below.

Jenkins Success Log:-

; perhaps you meant to use ‘PATH+EXTRA=/something/bin’?
+ aws configure set preview.cloudfront true
[Pipeline] sh
Warning: JENKINS-41339 probably bogus PATH=/var/lib/jenkins/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/node-v10.16.3-linux-x64/bin:/var/lib/jenkins/tools/hudson.model.JDK/JDK8-152/bin:$PATH:/usr/local/bin:$MAVEN_HOME/bin:/usr/local/bin:/var/lib/jenkins/tools/hudson.tasks.Maven_MavenInstallation/mvn/bin:/usr/sbin:/usr/bin:/sbin:/bin; perhaps you meant to use ‘PATH+EXTRA=/something/bin’?
+ aws cloudfront create-invalidation --distribution-id UJH89JKKMOVY340 --paths '/*'
{
    "Invalidation": {
        "Status": "InProgress", 
        "InvalidationBatch": {
            "Paths": {
                "Items": [
                    "/*"
                ], 
                "Quantity": 1
            }, 
            "CallerReference": "cli-1588239578-85708"
        }, 
        "Id": "I3HILN71CKWOV4", 
        "CreateTime": "2020-04-30T09:39:38.919Z"
    }, 
    "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/UJH89JKKMOVY340/invalidation/I3HILN71CKWOV4"
}