The Amazon CloudFront documentation doesn't mention what the "CallerReference" is for or what I should fill it with; the examples I have seen on other sites use a GUID or the current date.
The AWS SDK for .NET tooltip says it's to prevent replay attacks, but that's what the date header is for.
The Amazon CloudFront documentation (meanwhile?!) does state that CallerReference is "A unique name that ensures the request can't be replayed"; see InvalidationBatch Complex Type for details:
If the CallerReference is a value you already sent in a previous invalidation batch request, and if the content of each Path element is identical to the original request, the response includes the same information returned to the original request.
If the CallerReference is a value you already sent in a previous invalidation batch request but the content of any Path is different from the original request, CloudFront returns an InvalidationBatchAlreadyExists error.
The section Caller Reference within Object Invalidation confirms this as well and provides a hint on how to handle it in practice:
CallerReference is a unique value that you provide and that CloudFront uses to prevent replays of your request. You must provide a new caller reference value and other new information in the request for CloudFront to create a new invalidation request. You could use a time stamp for the caller reference (such as 20100801090000).
Even though the sample uses a time stamp as well, a dedicated value for handling replay attacks supposedly provides more flexibility, and thus potentially increased security (if so desired), than relying on a date header.
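The two rules quoted above (same CallerReference plus identical paths returns the original response; same CallerReference with different paths raises InvalidationBatchAlreadyExists) are what make a timed-out create_invalidation call safe to retry. The following is an added example, not code from the answer above or from AWS: `FakeCloudFront` is a constructed stand-in that reproduces only those two documented rules so the behaviour can be exercised offline, and `caller_reference_for` is a hypothetical scheme (a build or deployment id plus a digest of the path set) that makes a retry of the same batch idempotent while never reusing a reference for a different path set.

```python
"""CloudFront CallerReference semantics, modelled offline (added example, not AWS code)."""
import hashlib
import uuid
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


class InvalidationBatchAlreadyExists(Exception):
    """Mirrors the CloudFront error returned when a CallerReference is reused with different paths."""


@dataclass(frozen=True)
class Invalidation:
    id: str
    caller_reference: str
    paths: Tuple[str, ...]  # sorted so that order differences do not count as a different batch


class FakeCloudFront:
    """Constructed stand-in implementing only the replay rules quoted from the documentation.

    It is not the AWS API; it exists so the rules can be tested without a distribution.
    """

    def __init__(self) -> None:
        self._by_ref: Dict[str, Invalidation] = {}
        self._counter = 0

    def create_invalidation(self, caller_reference: str, paths: Iterable[str]) -> Invalidation:
        key = tuple(sorted(paths))
        existing = self._by_ref.get(caller_reference)
        if existing is not None:
            if existing.paths == key:
                # Exact replay: the service answers with the original response, no new batch.
                return existing
            raise InvalidationBatchAlreadyExists(
                f"CallerReference {caller_reference!r} was already used with different paths"
            )
        self._counter += 1
        inv = Invalidation(id=f"I{self._counter:04d}", caller_reference=caller_reference, paths=key)
        self._by_ref[caller_reference] = inv
        return inv


def new_caller_reference() -> str:
    """Fresh, unpredictable reference for a genuinely new batch (the GUID approach)."""
    return str(uuid.uuid4())


def caller_reference_for(build_id: str, paths: Iterable[str]) -> str:
    """Hypothetical deterministic scheme: tie the reference to the deployment and the path set.

    A retry of the same deployment with the same paths reuses the reference and is therefore a
    no-op on the service side; the same deployment with a different path set gets a different
    reference, so it creates a new batch instead of tripping InvalidationBatchAlreadyExists.
    """
    digest = hashlib.sha256("\n".join(sorted(paths)).encode("utf-8")).hexdigest()[:16]
    return f"{build_id}-{digest}"


def invalidate_with_retry(cf: FakeCloudFront, build_id: str, paths: Iterable[str], attempts: int = 3):
    """Retry loop that deliberately keeps the same CallerReference across attempts."""
    paths = list(paths)
    ref = caller_reference_for(build_id, paths)
    last_error = None
    for _ in range(attempts):
        try:
            return cf.create_invalidation(ref, paths)
        except InvalidationBatchAlreadyExists as exc:
            # Reference collision with a different path set: retrying cannot succeed.
            raise
        except Exception as exc:  # constructed transient failure in a real client (timeouts etc.)
            last_error = exc
    raise RuntimeError(f"gave up after {attempts} attempts") from last_error


if __name__ == "__main__":
    cf = FakeCloudFront()
    first = invalidate_with_retry(cf, "build-42", ["/index.html", "/app.js"])
    again = invalidate_with_retry(cf, "build-42", ["/app.js", "/index.html"])  # same batch, reordered
    print(first.id, again.id, first is again)  # the retry returned the original response
    try:
        cf.create_invalidation(first.caller_reference, ["/other.css"])
    except InvalidationBatchAlreadyExists as e:
        print("collision:", e)
```

With the real SDK the same reference goes into `InvalidationBatch={'Paths': {'Quantity': n, 'Items': [...]}, 'CallerReference': ref}` on boto3's `create_invalidation`; the point of the deterministic scheme is that a client-side timeout followed by a retry does not silently create (and bill) a second identical batch, which a fresh GUID or timestamp per attempt would do.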