amazon-web-services - 将无效请求发布到Amazon CloudFront时，CallerReference是什么？

Question

Amazon CloudFront documentation没有提及“CallerReference”的用途或应填写的内容，我在其他站点上看到的示例使用的是GUID或当前日期。

AWS SDK for .NET工具提示说这是为了防止重放攻击，但这就是date header 的作用。

Answer 1

Amazon CloudFront Documentation(同时？!)指出CallerReference是一个唯一名称，可确保确实不会重播该请求，有关详细信息，请参阅InvalidationBatch Complex Type:

If the CallerReference is a value you already sent in a previous invalidation batch request, and if the content of each Path element is identical to the original request, the response includes the same information returned to the original request.

If the CallerReference is a value you already sent in a previous invalidation batch request but the content of any Path is different from the original request, CloudFront returns an InvalidationBatchAlreadyExists error.

对象无效中的节调用者引用也对此进行了确认，并提供了如何在实践中进行处理的提示:

CallerReference is a unique value that you provide and that CloudFront uses to prevent replays of your request. You must provide a new caller reference value and other new information in the request for CloudFront to create a new invalidation request. You could use a time stamp for the caller reference (such as 20100801090000).

尽管该示例也使用时间戳，但是处理重播攻击的专用值应该比依赖日期 header 提供更大的灵活性，并因此可能会提高安全性(如果需要的话)(如果需要的话)。