Home/ Questions/Q 7506057
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T22:07:51+00:00

The Amazon CloudFront documentation doesn’t mention what the CallerReference is for or what I

  • 0

The Amazon CloudFront documentation doesn’t mention what the “CallerReference” is for or what I should fill it with, the examples I have seen on other sites use a guid or the current date.

The AWS SDK for .NET tooltip says it’s to prevent replay attacks, but that’s what the date header is for.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The Amazon CloudFront Documentation (meanwhile?!) states that CallerReference is A unique name that ensures the request can’t be replayed indeed, see InvalidationBatch Complex Type for details:

    If the CallerReference is a value you already sent in a previous
    invalidation batch request, and if the content of each Path element is
    identical to the original request, the response includes the same
    information returned to the original request.

    If the CallerReference is a value you already sent in a previous
    invalidation batch request but the content of any Path is different
    from the original request, CloudFront returns an
    InvalidationBatchAlreadyExists error.

    Section Caller Reference within Object Invalidation confirms this as well and provides a hint how to handle it in practice:

    CallerReference is a unique value that you provide and that CloudFront
    uses to prevent replays of your request. You must provide a new caller
    reference value and other new information in the request for
    CloudFront to create a new invalidation request. You could use a time
    stamp for the caller reference (such as 20100801090000).

    Despite the sample using a time stamp as well, a dedicated value to handle replay attacks supposedly provides more flexibility and thus potentially increased security (if so desired) than relying on a date header.

    • 0