Infra CLI Setup for pytest-allure-host

← Home  •  Quick Start  •  Architecture  •  CLI  •  AWS Setup  •  AWS CLI

This guide provisions a private S3 bucket and a CloudFront distribution with Origin Access Control (OAC) using the Infra CLI commands that ship with the wheel. Under the hood they call AWS APIs safely and idempotently.

Prereqs: aws CLI configured (able to run aws sts get-caller-identity).

Quick Start (Infra CLI)

# 0) Safe preflight (no changes)
allurehost-infra-precheck

# 1) Provision S3 + CloudFront (OAC). This writes .infra_env and allure-host.yml.
allurehost-infra-setup \
  --bucket my-unique-allure-bucket \
  --region eu-west-1 \
  --yes

# 2) Use exported values for CLI (reduces flags)
source .infra_env

# 3) Optional validation
allurehost-infra-validate

# 4) Dry-run publish (uses generated config allure-host.yml)
publish-allure \
  --bucket "$BUCKET" \
  --project demo \
  --branch main \
  --cloudfront "https://$CF_DOMAIN" \
  --check --dry-run

# 5) Real publish (zero flags if allure-host.yml has bucket/project/branch/cloudfront)
publish-allure

# 6) Cleanup when done (reads .infra_env)
allurehost-infra-cleanup

Safety Features

• Setup prevention: Won't recreate infrastructure if .infra_env exists
• CloudFront waiting: Cleanup waits for distribution to fully disable before deletion
• Policy validation: Validates bucket policy and distribution ID
• Idempotent operations: Safe to re-run

Notes

• Keep the bucket private with Block Public Access enabled.
• Ensure your local AWS region matches the bucket region to avoid 301 redirects.
• CloudFront read access is scoped via the AWS:SourceArn condition. Do not grant broad s3:GetObject publicly.
• The setup command writes allure-host.yml by default; regenerate or update it anytime with allurehost-infra-write-config.

Behaviors & idempotency

• Setup will create missing resources and skip existing ones; privacy hardening is always applied.
• Validate ensures OAC is attached and bucket policy matches the distribution ID.
• Cleanup waits for CloudFront to be disabled (Status=Deployed && Enabled=false) before deletion to avoid eventual-consistency errors.

CloudFront Cleanup Timing

The cleanup script includes robust waiting logic for CloudFront distributions:

• Disables the distribution first
• Polls every 10 seconds for up to 10 minutes
• Only attempts deletion when Status=Deployed and Enabled=false
• Gets fresh ETag after disable propagation completes
• This prevents failures due to CloudFront's eventual consistency model

Manual variables (if not using .infra_env)

export AWS_REGION=eu-west-1
export BUCKET=<BUCKET>
export PROJECT=<PROJECT>
export BRANCH=<BRANCH>

IAM policy for the publisher (least privilege)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListScoped",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::<BUCKET>",
      "Condition": { "StringLike": { "s3:prefix": ["<PROJECT>/*"] } }
    },
    {
      "Sid": "ObjectCrudScoped",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:CopyObject",
        "s3:PutObjectTagging",
        "s3:GetObjectTagging"
      ],
      "Resource": "arn:aws:s3:::<BUCKET>/<PROJECT>/*"
    }
  ]
}

SPA error mapping rationale

Allure’s front-end uses client-side routing for some deep links. Mapping 403/404 to index.html ensures refreshes and deep links work. Use the provided script or manually edit the distribution’s Custom Error Responses.

Next steps

Proceed to run your tests to emit allure-results/, then use publish-allure --check --dry-run followed by a real publish. For advanced options (TTL tags, retention pruning, manifest), see the main CLI documentation.

Return: Setup index • Manual Console