禁止向Cloudfront端点发送请求

时间:2014-11-11 23:37:03

标签: python amazon-web-services amazon-cloudfront

我正在尝试向我的cloudfront dist发送无效批处理。我正是这样做的:

import requests
import datetime
from tinys3.auth import S3Auth

date = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
host = 'cloudfront.amazonaws.com'
path = '/2014-10-21/distribution/%s/invalidation' % DIST_ID

auth = S3Auth(s3key, s3secret)
# I'm assuming the authorization for s3 takes the same form as the auth for cloudfront.

file_path = 'path/to/file'

data = ['<?xml version="1.0" encoding="UTF-8"?>']
data.append('<InvalidationBatch xmlns="http://cloudfront.amazonaws.com/doc/2014-10-21/">')
data.append('<Paths><Quantity>1</Quantity><Items><Path>/%s</Path></Items></Paths>' % file_path)
data.append('<CallerReference>%s</CallerReference>' % date)
data.append('</InvalidationBatch>')
data = ''.join(data)

try:
    url = 'https://%s%s' % (host, path)
    r = requests.post(url, data=data, headers=headers, auth=auth)
    r.raise_for_status()
    print 'Success?'
except:
    raise

正如您所看到的,我正在使用tinys3.py和cloudfront api的授权协议。你可以在这里和这里找到他们的文档:

https://github.com/smore-inc/tinys3

http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateInvalidation.html

当我发出POST请求时,我得到403.但我很肯定我的发行版ID是有效的(我可以通过cloudfront GUI使用它)。我做错了什么?

1 个答案:

答案 0 :(得分:1)

我一直在使用boto进行CloudFront失效。使用boto的Python代码看起来像这样:

import boto

cfcon = boto.connect_cloudfront('your-aws-access-key-id', 'your-aws-secret-access-key')
files = [<your files>]
cfcon.create_invalidation_request(DIST_ID, files)