remove waiter when deleting cloudfront distribution

mattclay · Dec 1, 2022 · 3ae9d94 · 3ae9d94
1 parent ec5e904
commit 3ae9d94
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 27 deletions.
diff --git a/aws/policy/paas.yaml b/aws/policy/paas.yaml
@@ -14,12 +14,7 @@ Statement:
       - ecr:InitiateLayerUpload
       - ecr:PutImage
       - ecr:UploadLayerPart
-      - cloudfront:CreateDistribution
-      - cloudfront:CreateStreamingDistribution
-      - cloudfront:CreateStreamingDistributionWithTags
     Resource:
-      - 'arn:aws:cloudfront::{{ aws_account_id }}:distribution/*'
-      - 'arn:aws:cloudfront::{{ aws_account_id }}:streaming-distribution/*'
       - 'arn:aws:eks:{{ aws_region }}:{{ aws_account_id }}:cluster/*'
       - 'arn:aws:eks:{{ aws_region }}:{{ aws_account_id }}:nodegroup/*/*/*'
       - 'arn:aws:lambda:{{ aws_region }}:{{ aws_account_id }}:function:*'
@@ -29,11 +24,8 @@ Statement:
   - Sid: AllowResourceRestrictedActionsWhichIncurNoFees
     Effect: Allow
     Action:
-      - cloudfront:DeleteDistribution
-      - cloudfront:UpdateDistribution
       - cloudfront:TagResource
       - cloudfront:UntagResource
-      - cloudfront:DeleteStreamingDistribution
       - ecr:DeleteLifecyclePolicy
       - ecr:DeleteRepository
       - ecr:DeleteRepositoryPolicy
@@ -111,9 +103,15 @@ Statement:
     Effect: Allow
     Action:
       - cloudfront:CreateCloudFrontOriginAccessIdentity
+      - cloudfront:CreateDistribution
+      - cloudfront:CreateInvalidation
+      - cloudfront:CreateStreamingDistribution
+      - cloudfront:CreateStreamingDistributionWithTags
       - cloudfront:DeleteCloudFrontOriginAccessIdentity
+      - cloudfront:DeleteDistribution
+      - cloudfront:DeleteStreamingDistribution
       - cloudfront:UpdateCloudFrontOriginAccessIdentity
-      - cloudfront:CreateInvalidation
+      - cloudfront:UpdateDistribution
     Resource:
       - "*"
 

diff --git a/aws/terminator/paas.py b/aws/terminator/paas.py
@@ -46,12 +46,6 @@ def terminate(self):
             self.client.delete_layer_version(LayerName=self.name, VersionNumber=version['Version'])
 
 
-def wait_until_deployed(client, Id, waiter_name, wait_timeout=1800):
-    waiter = client.get_waiter(waiter_name)
-    attempts = 1 + int(wait_timeout / 60)
-    waiter.wait(Id=Id, WaiterConfig={'MaxAttempts': attempts})
-
-
 class CloudFrontDistribution(Terminator):
     @staticmethod
     def create(credentials):
@@ -80,14 +74,12 @@ def terminate(self):
         distribution = distribution['Distribution']
         if distribution.get('Status') == "Deployed":
             if distribution['DistributionConfig']['Enabled']:
+                # disable distribution
                 distribution['DistributionConfig']['Enabled'] = False
                 self.client.update_distribution(DistributionConfig=distribution['DistributionConfig'], Id=self.Id, IfMatch=ETag)
-                # wait until the distribution is deployed
-                wait_until_deployed(self.client, self.Id, 'distribution_deployed')
-                # Get ETag value after update
-                distribution = self.client.get_distribution(Id=self.Id)
-                ETag = distribution['ETag']
-            self.client.delete_distribution(Id=self.Id, IfMatch=ETag)
+            else:
+                # delete distribution
+                self.client.delete_distribution(Id=self.Id, IfMatch=ETag)
 
 
 class CloudFrontStreamingDistribution(Terminator):
@@ -117,13 +109,11 @@ def terminate(self):
         streaming_distribution = streaming_distribution['StreamingDistribution']
         if streaming_distribution.get('Status') == "Deployed":
             if streaming_distribution['StreamingDistributionConfig']['Enabled']:
+                # disable streaming distribution
                 streaming_distribution['StreamingDistributionConfig']['Enabled'] = False
                 self.client.update_streaming_distribution(StreamingDistributionConfig=streaming_distribution['StreamingDistributionConfig'],
                                                           Id=self.Id,
                                                           IfMatch=ETag)
-                # wait until the streaming distribution is deployed
-                wait_until_deployed(self.client, self.Id, 'streaming_distribution_deployed')
-                # Get ETag value after update
-                streaming_distribution = self.client.get_streaming_distribution(Id=self.Id)
-                ETag = streaming_distribution['ETag']
-            self.client.delete_streaming_distribution(Id=self.Id, IfMatch=ETag)
+            else:
+                # delete streaming distribution
+                self.client.delete_streaming_distribution(Id=self.Id, IfMatch=ETag)