我的脚本涉及将文件上传到s3,然后创建一个无效内容以刷新内容。
上传到s3部分工作正常,但是在创建无效内容时,出现此错误:
An error occurred (SignatureDoesNotMatch) when calling the CreateInvalidation
operation: Signature expired: 20190717T012747Z is now earlier than
20190717T012755Z (20190717T013255Z - 5 min.)
但是s3操作有效,所以为什么Cloudfront无法正常工作使我感到困惑。
我的脚本是这样的:
# deploy to the s3 bucket
aws s3 sync ./public/. s3://{bucket} --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers
# invalidate CF
aws cloudfront create-invalidation --distribution-id {dist_id} --paths /*
我的IAM权限设置为CloudFrontFullAccess,即:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"acm:ListCertificates",
"cloudfront:*",
"iam:ListServerCertificates",
"waf:ListWebACLs",
"waf:GetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
]
}