From ab5428e1bf058e1fbb9394a81ae509df90afed7f Mon Sep 17 00:00:00 2001 From: tomohiro86 Date: Wed, 6 May 2026 18:31:04 +0900 Subject: [PATCH] fix(cloudfront): replace random.randint with uuid4 for CallerReference generation unique_string() was using random.randint(1, 1000000) combined with a Unix timestamp to generate CallerReference values for create-invalidation and create-distribution. Because the timestamp has 1-second granularity, concurrent invocations within the same second had a 1-in-1,000,000 chance of producing identical values, causing CloudFront to silently treat the second request as a duplicate. Replace with uuid.uuid4() which provides 122 bits of cryptographic randomness, eliminating both the timestamp dependency and collision risk. Fixes #10281 --- awscli/customizations/cloudfront.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/awscli/customizations/cloudfront.py b/awscli/customizations/cloudfront.py index 72668d2e08cc..368d521fc8e9 100644 --- a/awscli/customizations/cloudfront.py +++ b/awscli/customizations/cloudfront.py @@ -11,8 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import sys -import time -import random +import uuid import rsa from botocore.utils import parse_to_aware_datetime @@ -63,7 +62,7 @@ def register(event_handler): def unique_string(prefix='cli'): - return '%s-%s-%s' % (prefix, int(time.time()), random.randint(1, 1000000)) + return '%s-%s' % (prefix, uuid.uuid4()) def _add_paths(argument_table, **kwargs):