I've multiple Cloudfront distributions pointing to a single S3 Bucket to create different URLs. Now when I deploy it is difficult to clear cache of all the buckets manually one by one. So I thought there should be an option from where I can find all the ids and clear the cache but all I could find was

aws cloudfront  get-distribution-config
--id <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>] 

Where id takes the id of cloudfront distribution itself which I want to find out.

I can't use this as well as I don't want to clear cache of all the distributions

aws cloudfront list-distributions
[--max-items <value>]
[--cli-input-json <value>]
[--starting-token <value>]
[--page-size <value>]
[--generate-cli-skeleton <value>]

I'm trying to find something like but so far this doesn't seem to be the right approach

aws cloudfront --origing <value>

https://mcmap.net/q/1053597/-is-it-possible-to-find-cloudfront-distributions-from-origin-via-aws-cli

While this solution is not exactly what I wanted it helped me to find the exact answer. I'm posting my answer which finally helped me achieve this.

aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,origin:Origins.Items[0].Id}[?origin=='S3-BUCKET_NAME'].id" --output text

Which will give a result like this

EXXXXXXXXXXX1 EXXXXXXXXXXX2

and in order to clear the cache of multiple distributions

for id in $(aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,origin:Origins.Items[0].Id}[?origin=='S3-BUCKET_NAME'].id" --output text);do aws cloudfront create-invalidation --distribution-id $id --paths "/*";done;

You can use the query argument to fetch only Ids

aws cloudfront list-distributions --query "DistributionList.Items[*].Origins.Items[*].Id" --output text

S3-test1.example.com
S3-Website-test2.example.com.s3-website-us-west-1.amazonaws.com

then you can filter the list using grep

aws cloudfront list-distributions --query "DistributionList.Items[*].Origins.Items[*].Id" --output text | grep test2

S3-test1.example.com

You can return multiple values using query argument

aws cloudfront list-distributions --query "DistributionList.Items[*].Origins.Items[*].{id:Id,name:DomainName}" --output text

S3-test1.example.com  test1.example.com.s3.amazonaws.com
S3-Website-test2.example.com.s3-website-us-west-1.amazonaws.com test2.example.com.s3-website-us-west-1.amazonaws.com

While Ritik Patni's answer was closest to what I needed, I had interpreted the following to mean that I could substitute the bucket name and filter out the CF distribution I was looking for:

[?origin=='S3-BUCKET_NAME']

I did not find this to be the case, as when I created the resource in TF, I used a different name than the bucket name to distinguish between variables. In my case, Origins.Items[0].Id was staticsite_s3_bucket, which differed from the name of the s3 bucket, dev-it-static-site-mvp. So an empty-set was returned.

I was doing this inside of Jenkins, and had a little difficulty with the console output looking like it was misinterpreting quotes, so I'm posting the sh script taken out of the pipeline here, in case the actual implementation can help anyone. Note that Jenkins may not be behaving as it would out-of-the-box. The solution worked in Cloudbees Jenkins Enterprise v 2.249.3.1-rolling.

Also of interest is that I'm referencing the domain name of the s3 bucket to match to the bucket name. AFAIK, this is a safe assumption with buckets not configured with static website hosting. But your mileage may vary.

sh '''#!/bin/sh
set -e
set -x

bucket_name="${ENVIRONMENT}-it-${APP_NAME}"
aws s3 ls ${bucket_name}
aws cloudfront list-distributions

echo "Getting CF distributions matching ${bucket_name} ?"
distributions=$(aws cloudfront list-distributions --query "DistributionList.Items[*].{id:Id,origin_domain:Origins.Items[0].DomainName}[?starts_with(origin_domain,'${bucket_name}.')].id" --output text)
echo ${distributions}
for id in "${distributions}"; do aws cloudfront create-invalidation --distribution-id $id --paths "/*";done;

'''

Finally, I also wanted to point out that this URL was very conveniently useful for me to figure out what I was doing incorrectly: https://jmespath.org/. I was able to paste the raw contents of aws cloudfront list-distributions and poke around at it until I figured out why I was getting an empty return.

You can get a list of CloudFront distributions id's, domain, certificate source, and origin using this python script

#!/usr/bin/env python
import boto3
cf = boto3.client('cloudfront') # Create CloudFront client
print("\nCloudFront Distributions:\n")  # List distributions
distributions=cf.list_distributions()
if distributions['DistributionList']['Quantity'] > 0:
  for distribution in distributions['DistributionList']['Items']:
    print("Domain: " + distribution['DomainName'])
    print("Distribution Id: " + distribution['Id'])
    print("Certificate Source: " + distribution['ViewerCertificate']['CertificateSource'])
    for name in distribution['Origins']['Items']:
        print ("origin:" + name['DomainName'])
    if (distribution['ViewerCertificate']['CertificateSource'] == "acm"):
      print("Certificate: " + distribution['ViewerCertificate']['Certificate'])
    print("")
else:    
  print("Error - No CloudFront Distributions Detected.")

aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].[Id,Origins.Items[0].DomainName]'