引言
AWS CloudFront是一个全球性的内容分发服务,用于提供低延迟和高可用性的静态和动态内容。通过使用Boto3库和Python脚本,我们可以轻松地更新CloudFront分发的关键配置,以优化性能。在这篇博文中,我们将介绍一个示例脚本,该脚本使用Boto3库来启用Origin Shield、更新缓存策略、配置HTTP版本和添加Response Headers Policy。
1. 准备工作
首先,确保你已经安装了boto3库:
pip install boto3
然后,初始化CloudFront客户端:
import boto3
# Create the CloudFront API client. Credentials come from boto3's default
# credential chain; the identity used needs cloudfront:ListDistributions,
# cloudfront:GetDistributionConfig and cloudfront:UpdateDistribution for the
# API calls this script makes.
client = boto3.client("cloudfront")
2. 获取Distribution ID
我们定义了一个函数get_distribution_id,该函数通过服务名称查找对应的CloudFront Distribution ID。它会遍历CloudFront分发列表,匹配Origin配置以找到正确的分发;如果没有任何分发匹配,函数返回None。
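def get_distribution_id(service_name):
    """Return the ID of the CloudFront distribution that serves *service_name*.

    A distribution matches when one of its origins has the domain name
    ``govee-static.s3.amazonaws.com`` and the origin path
    ``/<env>/<service_name>``, where ``<env>`` is the part of the service
    name before the first ``-``.

    :param service_name: Service name such as ``pda-app-hd-fe``.
    :return: The distribution ID, or ``None`` when nothing matches.
    """
    if not service_name:
        # An empty name cannot identify a distribution; skip the API call.
        return None

    env = service_name.split('-')[0]
    expected_path = f'/{env}/{service_name}'

    # list_distributions is paginated: a single call returns only the first
    # page, so distributions on later pages would never be found.
    paginator = client.get_paginator('list_distributions')
    for page in paginator.paginate():
        # 'Items' may be absent when the account has no distributions.
        for distribution in page['DistributionList'].get('Items', []):
            for origin in distribution['Origins']['Items']:
                if (origin['DomainName'] == 'govee-static.s3.amazonaws.com'
                        and origin['OriginPath'] == expected_path):
                    return distribution['Id']

    # No match: callers must check for None before updating anything.
    return None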
3. 更新CloudFront分发
接下来,我们定义了一个函数update_cloudfront_distribution,该函数接收Distribution ID作为参数,并更新CloudFront分发的配置。它包括为第一个源启用Origin Shield、更新默认缓存行为的缓存策略、设置HTTP版本和添加Response Headers Policy。
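def update_cloudfront_distribution(distribution_id):
    """Enable Origin Shield and apply cache, HTTP and header settings.

    The function reads the current distribution config, then:

    * enables Origin Shield in ``us-east-1`` on the first origin,
    * points the default cache behavior at the CachingOptimized cache policy
      and drops the legacy TTL / ForwardedValues settings,
    * sets the HTTP version to ``http2and3``,
    * attaches a Response Headers Policy to the default cache behavior.

    Only the first origin and the default cache behavior are touched; any
    additional origins or cache behaviors are written back unchanged.

    :param distribution_id: ID of the CloudFront distribution to update.
    :raises ValueError: If *distribution_id* is empty or ``None``.
    """
    if not distribution_id:
        # A failed lookup yields None; refuse it here rather than letting the
        # API call fail with a less obvious parameter error.
        raise ValueError('distribution_id is required; no distribution to update')

    # Fetch the current config together with its ETag.
    response = client.get_distribution_config(Id=distribution_id)
    distribution_config = response['DistributionConfig']
    etag = response['ETag']

    # NOTE(review): index 0 is assumed to be the origin that should get
    # Origin Shield; nothing here checks which origin that is. Confirm for
    # distributions with more than one origin.
    distribution_config['Origins']['Items'][0]['OriginShield'] = {
        'Enabled': True,
        'OriginShieldRegion': 'us-east-1',  # US East (N. Virginia)
    }

    default_behavior = distribution_config['DefaultCacheBehavior']

    # ID of the predefined CachingOptimized cache policy.
    caching_optimized_policy_id = '658327ea-f89d-4fab-a63d-7e88639e58f6'
    default_behavior['CachePolicyId'] = caching_optimized_policy_id

    # These legacy settings are incompatible with a cache policy and must be
    # removed before the update. What was forwarded to the origin through
    # ForwardedValues is no longer forwarded afterwards.
    for key in ['MinTTL', 'MaxTTL', 'DefaultTTL', 'ForwardedValues']:
        default_behavior.pop(key, None)

    distribution_config['HttpVersion'] = 'http2and3'

    # NOTE(review): the page does not say which policy this ID refers to; it
    # is presumably specific to the author's account. Replace it with the
    # policy you intend to attach and review the response headers it sets.
    default_behavior['ResponseHeadersPolicyId'] = 'bffac3ed-a019-4ec5-8799-b9c465d64bcf'

    # IfMatch carries the ETag read above, so the update is rejected if the
    # distribution config changed in the meantime.
    client.update_distribution(
        DistributionConfig=distribution_config,
        Id=distribution_id,
        IfMatch=etag,
    )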
4. 循环更新服务
最后,我们定义了一个服务名称列表,通过循环遍历每个服务,获取对应的Distribution ID并执行更新。
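# Services whose CloudFront distributions should be updated.
service_name_list = [
    "pda-app-hd-fe",
    "pda-app-mall-fe",
    "pda-app-platform-fe",
    "pda-promotion-app-h5-fe",
    "pre-app-hd-fe",
    "pre-app-mall-fe",
]

# Look up each service's distribution and update it. A service without a
# matching distribution is reported and skipped, so the update is never
# called with None and the remaining services are still processed.
for service_name in service_name_list:
    distribution_id = get_distribution_id(service_name)
    if distribution_id is None:
        print(f'No CloudFront distribution found for {service_name}; skipped')
        continue
    update_cloudfront_distribution(distribution_id)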
完整代码
import boto3
# Create the CloudFront API client. Credentials come from boto3's default
# credential chain; the identity used needs cloudfront:ListDistributions,
# cloudfront:GetDistributionConfig and cloudfront:UpdateDistribution for the
# API calls this script makes.
client = boto3.client("cloudfront")
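def get_distribution_id(service_name):
    """Return the ID of the CloudFront distribution that serves *service_name*.

    A distribution matches when one of its origins has the domain name
    ``govee-static.s3.amazonaws.com`` and the origin path
    ``/<env>/<service_name>``, where ``<env>`` is the part of the service
    name before the first ``-``.

    :param service_name: Service name such as ``pda-app-hd-fe``.
    :return: The distribution ID, or ``None`` when nothing matches.
    """
    if not service_name:
        # An empty name cannot identify a distribution; skip the API call.
        return None

    env = service_name.split('-')[0]
    expected_path = f'/{env}/{service_name}'

    # list_distributions is paginated: a single call returns only the first
    # page, so distributions on later pages would never be found.
    paginator = client.get_paginator('list_distributions')
    for page in paginator.paginate():
        # 'Items' may be absent when the account has no distributions.
        for distribution in page['DistributionList'].get('Items', []):
            for origin in distribution['Origins']['Items']:
                if (origin['DomainName'] == 'govee-static.s3.amazonaws.com'
                        and origin['OriginPath'] == expected_path):
                    return distribution['Id']

    # No match: callers must check for None before updating anything.
    return None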
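def update_cloudfront_distribution(distribution_id):
    """Enable Origin Shield and apply cache, HTTP and header settings.

    The function reads the current distribution config, then:

    * enables Origin Shield in ``us-east-1`` on the first origin,
    * points the default cache behavior at the CachingOptimized cache policy
      and drops the legacy TTL / ForwardedValues settings,
    * sets the HTTP version to ``http2and3``,
    * attaches a Response Headers Policy to the default cache behavior.

    Only the first origin and the default cache behavior are touched; any
    additional origins or cache behaviors are written back unchanged.

    :param distribution_id: ID of the CloudFront distribution to update.
    :raises ValueError: If *distribution_id* is empty or ``None``.
    """
    if not distribution_id:
        # A failed lookup yields None; refuse it here rather than letting the
        # API call fail with a less obvious parameter error.
        raise ValueError('distribution_id is required; no distribution to update')

    # Fetch the current config together with its ETag.
    response = client.get_distribution_config(Id=distribution_id)
    distribution_config = response['DistributionConfig']
    etag = response['ETag']

    # NOTE(review): index 0 is assumed to be the origin that should get
    # Origin Shield; nothing here checks which origin that is. Confirm for
    # distributions with more than one origin.
    distribution_config['Origins']['Items'][0]['OriginShield'] = {
        'Enabled': True,
        'OriginShieldRegion': 'us-east-1',  # US East (N. Virginia)
    }

    default_behavior = distribution_config['DefaultCacheBehavior']

    # ID of the predefined CachingOptimized cache policy.
    caching_optimized_policy_id = '658327ea-f89d-4fab-a63d-7e88639e58f6'
    default_behavior['CachePolicyId'] = caching_optimized_policy_id

    # These legacy settings are incompatible with a cache policy and must be
    # removed before the update. What was forwarded to the origin through
    # ForwardedValues is no longer forwarded afterwards.
    for key in ['MinTTL', 'MaxTTL', 'DefaultTTL', 'ForwardedValues']:
        default_behavior.pop(key, None)

    distribution_config['HttpVersion'] = 'http2and3'

    # NOTE(review): the page does not say which policy this ID refers to; it
    # is presumably specific to the author's account. Replace it with the
    # policy you intend to attach and review the response headers it sets.
    default_behavior['ResponseHeadersPolicyId'] = 'bffac3ed-a019-4ec5-8799-b9c465d64bcf'

    # IfMatch carries the ETag read above, so the update is rejected if the
    # distribution config changed in the meantime.
    client.update_distribution(
        DistributionConfig=distribution_config,
        Id=distribution_id,
        IfMatch=etag,
    )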
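# Services whose CloudFront distributions should be updated.
service_name_list = [
    "pda-app-hd-fe",
    "pda-app-mall-fe",
    "pda-app-platform-fe",
    "pda-promotion-app-h5-fe",
    "pre-app-hd-fe",
    "pre-app-mall-fe",
]

# Look up each service's distribution and update it. A service without a
# matching distribution is reported and skipped, so the update is never
# called with None and the remaining services are still processed.
for service_name in service_name_list:
    distribution_id = get_distribution_id(service_name)
    if distribution_id is None:
        print(f'No CloudFront distribution found for {service_name}; skipped')
        continue
    update_cloudfront_distribution(distribution_id)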
5. 结论
通过使用上述脚本,你可以轻松地通过Boto3和Python更新AWS CloudFront分发的关键配置,以优化性能。确保按照实际需求调整和扩展脚本,以适应不同的应用场景。由于脚本会直接修改线上分发的配置,运行前请确认脚本中的源域名和策略ID与你自己账号中的资源一致,并先在非生产环境的分发上验证。这样的自动化配置和优化过程可帮助确保你的CloudFront分发在不断变化的需求中保持高性能。
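def update_cloudfront_distribution(distribution_id):
    """Enable Origin Shield and apply cache, HTTP and header settings.

    The function reads the current distribution config, then:

    * enables Origin Shield in ``us-east-1`` on the first origin,
    * points the default cache behavior at the CachingOptimized cache policy
      and drops the legacy TTL / ForwardedValues settings,
    * sets the HTTP version to ``http2and3``,
    * attaches a Response Headers Policy to the default cache behavior.

    Only the first origin and the default cache behavior are touched; any
    additional origins or cache behaviors are written back unchanged.

    :param distribution_id: ID of the CloudFront distribution to update.
    :raises ValueError: If *distribution_id* is empty or ``None``.
    """
    if not distribution_id:
        # A failed lookup yields None; refuse it here rather than letting the
        # API call fail with a less obvious parameter error.
        raise ValueError('distribution_id is required; no distribution to update')

    # Fetch the current config together with its ETag.
    response = client.get_distribution_config(Id=distribution_id)
    distribution_config = response['DistributionConfig']
    etag = response['ETag']

    # NOTE(review): index 0 is assumed to be the origin that should get
    # Origin Shield; nothing here checks which origin that is. Confirm for
    # distributions with more than one origin.
    distribution_config['Origins']['Items'][0]['OriginShield'] = {
        'Enabled': True,
        'OriginShieldRegion': 'us-east-1',  # US East (N. Virginia)
    }

    default_behavior = distribution_config['DefaultCacheBehavior']

    # ID of the predefined CachingOptimized cache policy.
    caching_optimized_policy_id = '658327ea-f89d-4fab-a63d-7e88639e58f6'
    default_behavior['CachePolicyId'] = caching_optimized_policy_id

    # These legacy settings are incompatible with a cache policy and must be
    # removed before the update. What was forwarded to the origin through
    # ForwardedValues is no longer forwarded afterwards.
    for key in ['MinTTL', 'MaxTTL', 'DefaultTTL', 'ForwardedValues']:
        default_behavior.pop(key, None)

    distribution_config['HttpVersion'] = 'http2and3'

    # NOTE(review): the page does not say which policy this ID refers to; it
    # is presumably specific to the author's account. Replace it with the
    # policy you intend to attach and review the response headers it sets.
    default_behavior['ResponseHeadersPolicyId'] = 'bffac3ed-a019-4ec5-8799-b9c465d64bcf'

    # IfMatch carries the ETag read above, so the update is rejected if the
    # distribution config changed in the meantime.
    client.update_distribution(
        DistributionConfig=distribution_config,
        Id=distribution_id,
        IfMatch=etag,
    )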