Syncs a local directory to an AWS S3 bucket, optionally invalidating affected CloudFront paths.

Installation

npm install --save deploy-aws-s3-cloudfront

Authentication

This packages uses the AWS SDK for Node.js and defers authentication to the SDK.

If you are relying on credentials stored in ~/.aws/credentials you can use AWS_PROFILE=<profile> deploy-aws-s3-cloudfront ... to use a custom-named profile.

Usage

Options

Options: Global

AWS S3 bucket name to deploy to.

Default: undefined

Enable output of debugging log messages.

Default: false

Do not prompt for confirmations.

Default: false

Logging output format.

Accepted formats are: colorized , json or text .

Default: text

Apply ACL to specific pattern(s). The first pattern to match the path is applied.

See the Using Patterns section for pattern usage.

See https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#upload-property for accepted values.

Default: []

Apply Cache Control to specific pattern(s). The first pattern to match the path is applied.

See the Using Patterns section for pattern usage.

Default: []

Delete objects in AWS S3 that do not exist locally. Objects are retained if both this option and --soft-delete are omitted.

Default: false

Path to remote directory to sync to.

Default: /

AWS CloudFront distribution ID to invalidate. No invalidation is performed if this option is omitted.

Default: undefined

Pattern(s) to exclude from deployment.

See the Using Patterns section for pattern usage.

Default: []

Set the invalidation path(s) instead of automatically detecting objects to invalidate. Paths should be absolute (with a leading slash).

This option is typically used to reduce invalidation costs by using a wildcard pattern (e.g. --invalidation-path "/*" ).

Special characters should be URL-encoded where necessary.

Default: []

Use recommended settings for React applications.

See the React Apps section for more information.

Default: false

Pattern(s) to skip from deletion. Used with the --delete option.

See the Using Patterns section for pattern usage.

Default: []

Tag objects in AWS S3 that do not exist locally. Objects are retained if both this option and --delete are omitted.

See the Soft-Deleting Objects section for more information.

Default: false

Soft-deleted objects are tagged with this key.

See the Soft-Deleting Objects section for more information.

Default: deleted

Soft-deleted objects are tagged with this value.

See the Soft-Deleting Objects section for more information.

Default: true

Path to local directory to sync from.

Default: .

Apply tags to specific pattern(s). All patterns that match the path are applied.

See the Using Patterns section for pattern usage.

Default: []

Expiration (in days) rule for generated soft-deletion lifecycle policy.

Default: 90

ID for generated soft-deletion lifecycle policy.

Default: Soft-Delete

Key used for generated soft-deletion lifecycle policy tag.

Default: deleted

Value used for generated soft-deletion lifecycle policy tag.

Default: true

Installation as a run-script alias (optional)

Add script aliases to your package.json file:

{ ... "scripts" : { ... "predeploy" : "deploy-aws-s3-cloudfront install-soft-delete --bucket my-bucket" , "deploy" : "deploy-aws-s3-cloudfront --bucket my-bucket" } }

Run yarn run deploy or npm run deploy to deploy. A soft-delete lifecycle rule will also be installed. Remove the predeploy script if you do not use the soft-deletion feature or prefer to install it manually.

If you need to pass user or environment-level options that you don't want committed into package.json you can provide these at call-time, e.g. yarn run deploy --distribution abc123 or npm run deploy -- --distribution abc123 .

Using Patterns

Several options support patterns which allows the option to apply only to matching objects.

Patterns should be relative (without a leading slash) to the source directory and are parsed using micromatch.

Soft-Deleting Objects

Objects can be soft-deleted using an S3 Object Lifecycle expiration rule.

This feature can be enabled using the --soft-delete option. When enabled, objects are not deleted from S3 but are instead tagged for later removal by a lifecycle rule. The lifecycle rule is created using the install-soft-delete command.

The installed rule will automatically delete objects that are both tagged for deletion and have expired. The expiration time is relative to the object creation date, in days.

In some cases, soft-deleted items may be deleted immediately after being tagged for deletion. This happens when the object was created earlier than the expiration period. The expiration period should therefore be set to a suitable duration according to your release schedule using the --expiration option (default is 90 days). It is not currently possible to expire objects based on the tag creation date, only the object creation date. This is a limitation of AWS S3.

Examples

Created Tagged Deleted |-----------|-----------|-----------|-----------> Days 0 30 60 90

In this example, the expiration is set to 90 days and the object was tagged for soft-deletion 60 days after creation. It will be deleted 30 days later.

Tagged+ Created Deleted |-----------|-----------|-----------|-------|---> Days 0 30 60 90 110

In this example, the expiration is set to 90 days and the object was tagged for soft-deletion 110 days after creation. It will be deleted immediately.

React Apps

Use the --react option when deploying apps created using create-react-app . This is shortcut for deploy-aws-s3-cloudfront --source ./build/ --cache-control index.html:no-cache .

If you opt to delete objects on deployment, it is recommended to use the --soft-delete option to minimise impact to users online during a deployment. Such users will have loaded the previous version of index.html which will likely reference assets which have since been deleted by a deployment. They will not receive the latest index.html until they refresh. Using the --soft-delete option will retain stale objects in S3 for a period of time to allow online users to continue browsing until they refresh to get the latest version.

Example IAM Policy

The example below should allow you to use the core functionality of this tool. Advanced usage (such as soft-deletion) may require further permissions (TODO).

Please replace <BUCKET_NAME> , <ACCOUNT_ID> , <DISTRIBUTION_ID> values with those of your own.

{ "Version" : "2012-10-17" , "Statement" : [ { "Sid" : "ListBuckets" , "Effect" : "Allow" , "Action" : "s3:ListAllMyBuckets" , "Resource" : "*" }, { "Sid" : "ListBucket" , "Effect" : "Allow" , "Action" : "s3:ListBucket" , "Resource" : "arn:aws:s3:::<BUCKET_NAME>" }, { "Sid" : "OperateWithObjects" , "Effect" : "Allow" , "Action" : [ "s3:PutObject" , "s3:PutObjectAcl" , "s3:PutObjectVersionAcl" , "s3:DeleteObject" , "s3:DeleteObjectVersion" ], "Resource" : "arn:aws:s3:::<BUCKET_NAME>/*" }, { "Sid" : "CloudFrontInvalidation" , "Effect" : "Allow" , "Action" : "cloudfront:CreateInvalidation" , "Resource" : "arn:aws:cloudfront::<ACCOUNT_ID>:distribution/<DISTRIBUTION_ID>" } ] }

