diff --git a/.env.example b/.env.example
index f5e40eac7..43af881f2 100644
--- a/.env.example
+++ b/.env.example
@@ -11,3 +11,6 @@ PRIVATE_ASSET_BUCKET=
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_KEY=
 AWS_ENDPOINT_URL=
+CLOUDFRONT_INVALIDATION_ACCESS_KEY_ID=
+CLOUDFRONT_INVALIDATION_ACCESS_SECRET=
+CLOUDFRONT_PUBLIC_DISTRIBUTION_ID=
diff --git a/judgments/views.py b/judgments/views.py
index a6e4040b1..dedf910c0 100644
--- a/judgments/views.py
+++ b/judgments/views.py
@@ -299,7 +299,13 @@ def unpublish_documents(uri: str) -> None:
 
 
 def invalidate_caches(uri: str) -> None:
-    cloudfront = aws_session().client("cloudfront")
+    aws = boto3.session.Session(
+        aws_access_key_id=env("CLOUDFRONT_INVALIDATION_ACCESS_KEY_ID", default=None),
+        aws_secret_access_key=env(
+            "CLOUDFRONT_INVALIDATION_ACCESS_SECRET", default=None
+        ),
+    )
+    cloudfront = aws.client("cloudfront")
     cloudfront.create_invalidation(
         DistributionId=env("CLOUDFRONT_PUBLIC_DISTRIBUTION_ID"),
         InvalidationBatch={
@@ -309,14 +315,9 @@ def invalidate_caches(uri: str) -> None:
     )
 
 
-def aws_session():
-    return boto3.session.Session(
+def create_s3_client():
+    aws = boto3.session.Session(
         aws_access_key_id=env("AWS_ACCESS_KEY_ID", default=None),
         aws_secret_access_key=env("AWS_SECRET_KEY", default=None),
     )
-
-
-def create_s3_client():
-    return aws_session().client(
-        "s3", endpoint_url=env("AWS_ENDPOINT_URL", default=None)
-    )
+    return aws.client("s3", endpoint_url=env("AWS_ENDPOINT_URL", default=None))