Terraform Cloud Project Bootcamp with Andrew Brown — 1.7.0 Invalidate Cache Local Exec

3 min readOct 8, 2023

This article is part of my Terraform journey with Terraform Bootcamp by Andrew Brown and Andrew Bayko with Chris Williams and Shala.

My wild career adventure into Cloud Computing continues with Andrews, and I highly, highly recommend you to come join us if you are interested. Check out Andrews’ free youtube learning contents. You can also buy some paid courses here to support their good cause.

Agenda

Video here: 1 7 0 Invalidate Cache Local Exec

Issue #36 Goals

✅ 1) data_source for content_version
✅ 2) Trigger CloudFront distribution invalidation.

Workflow

✅ 1) Add terraform_data with local-exec
✅ 2) (Optional) Update outputs.tf
✅ 3) (Optional) Update index.html

Notes

Terraform is more about managing infrastructure state. Invalidating a CloudFront distribution is an execution of operational tasks. In reality, tools like Ansible is a better fit for this task, but we do it with Terraform anyway for learning purposes.

In this unit, we use terraform’s local-exec to run the AWS API call locally on the machine we are working on. Please note that this is like running a command on terminal but just automating it as if we write a bash script.

1. Add terraform_data with local-exec

Provisioners allows you to “model specific actions on the local machine or on a remote machine in order to prepare servers or other infrastructure objects for service (Provisioner, Terraform)”.

As I mentioned above in the Notes, please make sure to read this section “Provisioners are a Last Resort” in the official doc on Provisioner.

Add the following snippet to the CDN definition file. The command below is all that is needed to automate the cache invalidation.

Path: ./modules/terrahouse_aws/resource-cdn.tf

resource "terraform_data" "invalidate_cache" {
  triggers_replace = terraform_data.content_version.output

  provisioner "local-exec" {
    command = <<COMMAND
     aws cloudfront create-invalidation \
     --distribution-id ${aws_cloudfront_distribution.s3_distribution.id} \
     --paths '/*'
     COMMAND
  }
}

2. (Optional) Update outputs.tf

If you would like to make sure the values of certain outputs, you can update the outputs file. Andrew decides to output cloudfront_url, amd I wanted to check cloudfront_distribution_id every time terraform applies.

modules/terrahouse_aws/outputs.tf

output "cloudfront_url" {
  value = aws_cloudfront_distribution.s3_distribution.domain_name
  description = "The CloudFront distribution domain name"
 }

output "cloudfront_distribution_id" {
  value = aws_cloudfront_distribution.s3_distribution.id
}

outputs.tf

output "cloudfront_url" {
  value = module.terrahouse_aws.cloudfront_url
}

output "cloudfront_distribution_id" {
  value = module.terrahouse_aws.cloudfront_distribution_id
}

3. Update index.html

I updated my index.html file as here. Now, I change the value fo content_version then run the following commands to update the infrastructure.

terraform plan

It correctly detects the changes in the content_version.

terraform apply --auto-approve

As a result of the detection during terraform plan, index.html will be replaced and invalidate_cache will take effect.

Once you ran the commands, go to CloudFront console, then check the Invalidation status of your Distribution.

Automated cache invalidation works perfectly well. My updated index.html is one long scroll of images and captions, and the newly cached content loads well every time I refresh the page: