How to copy a working AWS CloudFront configuration and then update it

Using the AWS CLI to export a CloudFront distribution configuration, process it, and deploy it to another account or update an existing distribution.

The AWS Console doesn’t provide a native export/import feature for CloudFront distributions, so when you need to replicate a configuration between accounts — or just save it as a template — the AWS CLI is the way to go.

Downloading a CloudFront Distribution

aws --profile SRC_AWS_PROFILE cloudfront get-distribution \
  --id CF_DISTRIBUTION_ID > src-example.cloudfront.json

Replace SRC_AWS_PROFILE with your configured AWS profile name and CF_DISTRIBUTION_ID with the distribution’s ID (found in the CloudFront console).

Processing the Downloaded Configuration

Before you can use the file, it needs some cleanup:

  1. Extract DistributionConfig — move the DistributionConfig object to the root level of the JSON file
  2. Remove the outer wrapper including the ETag and enclosing attributes
  3. Strip account-specific properties that won’t apply to the destination:
    • WebACLId (WAF Web ACL association)
    • ViewerCertificate (SSL certificate ARN)
    • Aliases (CNAMEs associated with the distribution)

Save this cleaned file as src-example-PROCESSED.cloudfront.json.
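
One way to script the cleanup steps above, as an added example rather than code from the original post: it assumes the `get-distribution` output nests the config under `Distribution.DistributionConfig` beside a top-level `ETag`, and the function names and sample values are constructed. Beyond the three keys the post lists, it also reports any ARN values left in the config so they can be reviewed before the file is deployed to another account.

```python
import json
import sys
from pathlib import Path

# Account-specific keys the post says to strip.
ACCOUNT_SPECIFIC_KEYS = ("WebACLId", "ViewerCertificate", "Aliases")

# Constructed sample of `get-distribution` output, trimmed to the fields used here.
SAMPLE = {
    "ETag": "E2CONSTRUCTEDETAG",
    "Distribution": {"Id": "ECONSTRUCTEDID", "DistributionConfig": {
        "CallerReference": "constructed-ref", "Enabled": True,
        "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
        "WebACLId": "arn:aws:wafv2:us-east-1:111111111111:global/webacl/demo/constructed",
        "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/constructed"},
        "DefaultCacheBehavior": {"LambdaFunctionAssociations": {"Quantity": 1, "Items": [
            {"LambdaFunctionARN": "arn:aws:lambda:us-east-1:111111111111:function:demo:1"}]}},
    }},
}

def find_arns(node, path="DistributionConfig"):
    """Yield (json_path, value) for every string value that is an ARN."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_arns(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_arns(value, f"{path}[{index}]")
    elif isinstance(node, str) and node.startswith("arn:"):
        yield path, node

def process_distribution(raw):
    """Return (config, etag, stripped_keys, leftover_arns) from get-distribution output."""
    try:
        source = raw["Distribution"]["DistributionConfig"]
    except (KeyError, TypeError):
        raise ValueError("input is not `cloudfront get-distribution` output") from None
    stripped = [key for key in ACCOUNT_SPECIFIC_KEYS if key in source]
    config = {key: value for key, value in source.items() if key not in stripped}
    return config, raw.get("ETag"), stripped, list(find_arns(config))

if __name__ == "__main__":
    # Pass the downloaded file as the first argument; without one the sample is used.
    raw = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    config, etag, stripped, arns = process_distribution(raw)
    json.dump(config, sys.stdout, indent=2)  # redirect to src-example-PROCESSED.cloudfront.json
    print(f"\nETag for --if-match: {etag}; stripped: {stripped}", file=sys.stderr)
    for path, arn in arns:
        print(f"review before deploying: {path} = {arn}", file=sys.stderr)
```

The cleaned JSON goes to standard output and the ETag and review notes go to standard error, so redirecting standard output produces the processed file directly.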

Creating a New Distribution

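Deploy the processed configuration to any account; here --profile should name a profile configured for the account that will own the new distribution: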

aws --profile SRC_AWS_PROFILE cloudfront create-distribution \
  --distribution-config file://src-example-PROCESSED.cloudfront.json

The new distribution will appear in the AWS Console within a few minutes.

Updating an Existing Distribution

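To modify an existing distribution, you need the current ETag (found in the original downloaded file). The submitted configuration replaces the existing one rather than being merged with it, so a file with WebACLId, ViewerCertificate, and Aliases stripped will drop the WAF association, certificate, and CNAMEs from the distribution being updated; keep those properties in the file when updating in place: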

aws --profile SRC_AWS_PROFILE cloudfront update-distribution \
  --distribution-config file://src-example-PROCESSED.cloudfront.json \
  --id CF_DISTRIBUTION_ID \
  --if-match LATEST_ETAG

Note: The ETag is single-use. If you need to run the update command again, re-download the distribution config to get a fresh ETag first.

Requirements

  • AWS CLI installed and configured locally
  • Appropriate IAM permissions for CloudFront operations on both source and target accounts