0
votes

At the moment, we are calling cloudfront.listDistributions() every minute to identify a change in the status of the distribution we are deploying. This causes Lambda to time out because CloudFront never deploys faster than 30 minutes (whereas Lambda times out after 15 min).

I would like to notify a Lambda function after a CloudFront Distribution is successfully created. This would allow us to execute the post-creation actions while saving valuable Lambda exec time.

Creating a Rule on CloudWatch does not offer the option to choose CloudFront. Nevertheless, it seems to accept creating a Custom Event Pattern with the source aws.cloudformation.


Considering options:

  • Trigger a lambda every 5 minutes to list distributions and compare states with previous states stored in DynamoDB.

Anybody with an idea to overcome this lack of feature from AWS?

1
Hey Sébastien. What did you end up doing (if anything)? - Sam
@Theson I've ended up doing exactly what I said I would do: trigger lambda every N minutes to list CF distributions and compare actual state to a DB stored state.... Not optimal, but there seems to be no option to be notified of an event when a CF distribution changes its status... If anyone finds a way, or if the AWS stack evolves, I'm happy to review my comment :-) - Sébastien

1 Answers

0
votes

If you want and have time, there's a trickier and a bit more complex solution for doing that leveraging CloudTrail.

Disclaimer

CloudTrail is not a real-time log system, but it ensures that all API calls will be reported on the console within 15 minutes (as stated here under the CloudTrail FAQs). Due to this, what follows makes sense only for long-running tasks like creating a CloudFront distribution, bringing up an Aurora DB and so on.

  • You can create a CloudWatch event-based rule (let's call it CW-r1) on a specific pattern like CreateDistribution or UpdateDistribution.

  • CW-r1 triggers a Lambda (LM-1) which enables another CloudWatch event-based rule (CW-r2).

  • CW-r2, on a scheduled basis, triggers a Lambda (LM-2) which requests the state of the specific distribution via the API. Once the distribution is "Deployed", LM-2 can send a notification via SNS, for example (you can send email, SMS, push notifications, whatever is supported on SNS).

  • Once everything is finished, LM-2 can disable the CW-r2 rule in order to stop processing information.

In this way you can have an automatic notification system based on which API call you desire.
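
The steps in the answer above, as an added example that is not part of the original answer or any AWS sample code. Assumptions: `aws` is a hypothetical adapter you would write around the SDK, the distribution id reaches LM-2 as constant JSON input on the CW-r2 target, and the event names are the ones the answer gives (check them against your own CloudTrail records).

```javascript
// `aws` is a hypothetical adapter around the SDK (an assumption of this example):
//   getStatus(id)  -> CloudFront GetDistribution, returns Distribution.Status
//   enableRule(n) / disableRule(n) -> CloudWatch Events EnableRule / DisableRule
//   publish(msg)   -> SNS Publish to your topic
const POLL_RULE = 'CW-r2'; // rule name from the answer

// Event pattern for CW-r1: CloudTrail-delivered CloudFront API calls.
const CW_R1_PATTERN = {
  source: ['aws.cloudfront'],
  'detail-type': ['AWS API Call via CloudTrail'],
  detail: {
    eventSource: ['cloudfront.amazonaws.com'],
    eventName: ['CreateDistribution', 'UpdateDistribution'], // names from the answer
  },
};

function makeHandlers(aws) {
  // LM-1: invoked by CW-r1; switches the scheduled rule CW-r2 on.
  async function lm1(event) {
    const name = event && event.detail ? event.detail.eventName : undefined;
    if (!CW_R1_PATTERN.detail.eventName.includes(name)) return { enabled: false };
    await aws.enableRule(POLL_RULE);
    return { enabled: true };
  }

  // LM-2: invoked by CW-r2 on a schedule. Assumes the distribution id is
  // configured as constant JSON input on the rule target.
  async function lm2(event) {
    const status = await aws.getStatus(event.distributionId);
    if (status !== 'Deployed') return { status, done: false }; // poll again next tick
    await aws.publish(`CloudFront distribution ${event.distributionId} is Deployed`);
    await aws.disableRule(POLL_RULE); // stop polling once notified
    return { status, done: true };
  }

  return { lm1, lm2 };
}

// Constructed in-memory stand-in for the adapter, to exercise the flow offline.
function makeFakeAws(statuses) {
  const calls = [];
  return {
    calls,
    getStatus: async () => statuses.shift(),
    enableRule: async (n) => { calls.push(`enable:${n}`); },
    disableRule: async (n) => { calls.push(`disable:${n}`); },
    publish: async (m) => { calls.push(`publish:${m}`); },
  };
}
```

Because LM-2 publishes before it disables CW-r2, a failed disable call means the next scheduled tick notifies again rather than the notification being lost.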