deploy-aws-s3-cloudfront
Syncs a local directory to an AWS S3 bucket, optionally invalidating affected CloudFront paths.
Installation
npm install --save deploy-aws-s3-cloudfront
Authentication
This packages uses the AWS SDK for Node.js and defers authentication to the SDK.
If you are relying on credentials stored in ~/.aws/credentials
you can use AWS_PROFILE=<profile> deploy-aws-s3-cloudfront ...
to use a custom-named profile.
Usage
deploy-aws-s3-cloudfront --bucket <bucket> [options]
deploy-aws-s3-cloudfront install-soft-delete --bucket <bucket> [options]
Options
Options: Global
--bucket <name>
(required)
AWS S3 bucket name to deploy to.
Default: undefined
--debug
Enable output of debugging log messages.
Default: false
--non-interactive
Do not prompt for confirmations.
Default: false
--output-format <format>
Logging output format.
Accepted formats are: colorized
, json
or text
.
Default: text
deploy-aws-s3-cloudfront
Options: --acl <pattern:value> [<pattern:value>...]
Apply ACL to specific pattern(s). The first pattern to match the path is applied.
See the Using Patterns section for pattern usage.
See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#upload-property for accepted values.
Default: []
--cache-control <pattern>:<value> [<pattern>:<value>...]
Apply Cache Control to specific pattern(s). The first pattern to match the path is applied.
See the Using Patterns section for pattern usage.
Default: []
--delete
Delete objects in AWS S3 that do not exist locally. Objects are retained if both this option and --soft-delete
are omitted.
Default: false
--destination <path>
Path to remote directory to sync to.
Default: /
--distribution <ID>
AWS CloudFront distribution ID to invalidate. No invalidation is performed if this option is omitted.
Default: undefined
--exclude <pattern> [<pattern>...]
Pattern(s) to exclude from deployment.
See the Using Patterns section for pattern usage.
Default: []
--invalidation-path <path> [<path>...]
Set the invalidation path(s) instead of automatically detecting objects to invalidate. Paths should be absolute (with a leading slash).
This option is typically used to reduce invalidation costs by using a wildcard pattern (e.g. --invalidation-path "/*"
).
Special characters should be URL-encoded where necessary.
Default: []
--react
Use recommended settings for React applications.
See the React Apps section for more information.
Default: false
--retain <pattern> [<pattern>...]
Pattern(s) to skip from deletion. Used with the --delete
option.
See the Using Patterns section for pattern usage.
Default: []
--soft-delete
Tag objects in AWS S3 that do not exist locally. Objects are retained if both this option and --delete
are omitted.
See the Soft-Deleting Objects section for more information.
Default: false
--soft-delete-tag-key <key>
Soft-deleted objects are tagged with this key.
See the Soft-Deleting Objects section for more information.
Default: deleted
--soft-delete-tag-value <value>
Soft-deleted objects are tagged with this value.
See the Soft-Deleting Objects section for more information.
Default: true
--source <path>
Path to local directory to sync from.
Default: .
--tags <pattern>:<key>=<value>[,<key>=<value>...] [<pattern>:<key>=<value>[,<key>=<value>...]...]
Apply tags to specific pattern(s). All patterns that match the path are applied.
See the Using Patterns section for pattern usage.
Default: []
deploy-aws-s3-cloudfront install-soft-delete
Options: --expiration <expiration>
Expiration (in days) rule for generated soft-deletion lifecycle policy.
Default: 90
--id <ID>
ID for generated soft-deletion lifecycle policy.
Default: Soft-Delete
--tag-key <key>
Key used for generated soft-deletion lifecycle policy tag.
Default: deleted
--tag-value <value>
Value used for generated soft-deletion lifecycle policy tag.
Default: true
run-script
alias (optional)
Installation as a Add script aliases to your package.json
file:
{
...
"scripts": {
...
"predeploy": "deploy-aws-s3-cloudfront install-soft-delete --bucket my-bucket",
"deploy": "deploy-aws-s3-cloudfront --bucket my-bucket"
}
}
Run yarn run deploy
or npm run deploy
to deploy. A soft-delete lifecycle rule will also be installed. Remove the predeploy
script if you do not use the soft-deletion feature or prefer to install it manually.
If you need to pass user or environment-level options that you don't want committed into package.json
you can provide these at call-time, e.g. yarn run deploy --distribution abc123
or npm run deploy -- --distribution abc123
.
Using Patterns
Several options support patterns which allows the option to apply only to matching objects.
Patterns should be relative (without a leading slash) to the source directory and are parsed using micromatch.
Soft-Deleting Objects
Objects can be soft-deleted using an S3 Object Lifecycle expiration rule.
This feature can be enabled using the --soft-delete
option. When enabled, objects are not deleted from S3 but are instead tagged for later removal by a lifecycle rule. The lifecycle rule is created using the install-soft-delete
command.
The installed rule will automatically delete objects that are both tagged for deletion and have expired. The expiration time is relative to the object creation date, in days.
In some cases, soft-deleted items may be deleted immediately after being tagged for deletion. This happens when the object was created earlier than the expiration period. The expiration period should therefore be set to a suitable duration according to your release schedule using the --expiration
option (default is 90 days). It is not currently possible to expire objects based on the tag creation date, only the object creation date. This is a limitation of AWS S3.
Examples
Created Tagged Deleted
|-----------|-----------|-----------|-----------> Days
0 30 60 90
In this example, the expiration is set to 90 days and the object was tagged for soft-deletion 60 days after creation. It will be deleted 30 days later.
Tagged+
Created Deleted
|-----------|-----------|-----------|-------|---> Days
0 30 60 90 110
In this example, the expiration is set to 90 days and the object was tagged for soft-deletion 110 days after creation. It will be deleted immediately.
React Apps
Use the --react
option when deploying apps created using create-react-app
. This is shortcut for deploy-aws-s3-cloudfront --source ./build/ --cache-control index.html:no-cache
.
If you opt to delete objects on deployment, it is recommended to use the --soft-delete
option to minimise impact to users online during a deployment. Such users will have loaded the previous version of index.html
which will likely reference assets which have since been deleted by a deployment. They will not receive the latest index.html
until they refresh. Using the --soft-delete
option will retain stale objects in S3 for a period of time to allow online users to continue browsing until they refresh to get the latest version.
Example IAM Policy
The example below should allow you to use the core functionality of this tool. Advanced usage (such as soft-deletion) may require further permissions (TODO).
Please replace <BUCKET_NAME>
, <ACCOUNT_ID>
, <DISTRIBUTION_ID>
values with those of your own.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListBuckets",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
},
{
"Sid": "ListBucket",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<BUCKET_NAME>"
},
{
"Sid": "OperateWithObjects",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": "arn:aws:s3:::<BUCKET_NAME>/*"
},
{
"Sid": "CloudFrontInvalidation",
"Effect": "Allow",
"Action": "cloudfront:CreateInvalidation",
"Resource": "arn:aws:cloudfront::<ACCOUNT_ID>:distribution/<DISTRIBUTION_ID>"
}
]
}
Alternatives
-
AWS S3 Sync (bundled with AWS CLI)
The
aws s3 sync
command uses the modification time to identify modified assets. This doesn't work well when building a project often involves regenerating files with fresh timestamps but identical content.This package will instead perform a checksum comparison to minimise the deployment payload. The MD5 checksum will be computed against local files then compared against the ETag of the corresponding remote objects.
-
For React apps, the
react-deploy-s3
provides similar behaviour to this package. However,react-deploy-s3
expects your AWS credentials to be passed in as command arguments and requires additional configuration to get set up. In contrast, this package defers authentication to the AWS SDK and therefore supports multiple authentication strategies (e.g. IAM roles, environment variables and profiles).Additionally,
react-deploy-s3
will purge everything from your S3 bucket before re-uploading the entire build directory. Here, however, deployments are incremental resulting in a smaller payload and minimal interruption. Likewise, this package will perform a more efficient CloudFront purge by executing an invalidation on the affected paths only, as opposed to a site-wide refresh as performed byreact-deploy-s3
.