AWS Edge@Lambda
This document describes integrating with the Spec Platform using an AWS Edge@Lambda function on an existing CloudFront distribution.
Last updated
This document describes integrating with the Spec Platform using an AWS Edge@Lambda function on an existing CloudFront distribution.
Last updated
This guide will create two separate Edge@Lambda function bundles: one for the origin request and another for the origin response. The origin request function will package the request for processing by the Spec Platform, while the origin response function will augment the response for proper Customer Journey Security.
An existing CloudFront distribution.
Check out the configuration options for the Spec Platform in , also check out the known limitations below.
Use your favorite javascript package installer( yarn or npm )to install the following package into your lambda project.
An Origin Request Bundle
An Origin Response Bundle
Please note the following:
All Edge@Lambdas must be created in the us-east-1 region in order to be associated to a CloudFront distribution. CloudFront will still replicate this function in other regions based on viewer request.
The function must not have environment variables. Everything in a replicated edge function must be self-contained.
The function cannot be placed inside a VPC. This limits control of egress beyond AWS CIDR ranges.
Create a new Lambda function in the AWS console in the us-east-1 region.
Use the AWS managed Edge@Lambda service role.
Upload the Origin Request bundle to the console.
Publish a new version of the lambda bundle.
Copy the ARN including the version.
Head to the CloudFront console and select the distribution to add the Lambda to.
Under behaviors, find the route that should be protected by Spec.
Paste the ARN into the Origin Request section.
Check "include body" option.
Save and wait for Edge@Lambda to propagate.
Create a new Lambda function in the AWS console in the us-east-1 region.
Use the AWS managed Edge@Lambda service role.
Upload the Origin Response bundle to the console.
Publish a new version of the lambda bundle.
Copy the ARN including the version.
Head to the CloudFront console and select the distribution to add the Lambda to.
Under behaviors, find the route that should be protected by Spec.
Paste the ARN of the origin-response-lambda into the Origin Response section.
Check "include body" option.
Save and wait for Edge@Lambda to propagate.
Requests to the routes protected by the Spec Platform should behave normally.
Any logging added to the Code Bundles should appear in the logs. See tips below.
Spec provides the Code Bundles as public NPM packages. They are built using Typescript and designed to work alongside other edge worker functionality.
Use your favorite javascript package installer( yarn or npm )to install the following package into the project with your lambda code.
NPM Spec Proxy AWS Edge@Lambda
The following snippet is the minimum amount of code required to create the origin request Edge@Lambda bundle:
Check Edge Workers page for config options
The process for this should be very similar to the previous bundle, with a slight variation on the methods we are calling to handle the response:
Check Edge Workers page for config options
Before using this integration, understand these limitations:
The timeout can be at most 5 seconds.
If Spec and Origin Server combined take more than 5 seconds to respond, the Edge@Lambda will return a 502 error.
The max memory can be 128MB.
Our library is very compact and does little processing, but this limit can come into play when integrating with existing functions that are heavy in business logic.
We can also run into issues here with very large request sizes.
For more information on working with lambdas and typescript:AWS Building Functions with TypeScript
Since there is no debugger in Edge@Lambdas, it can be helpful to add log statements in the code for the entire event object and view the logs in CloudWatch.
CloudWatch logs will be in the region closest to the viewer. It helps to know which region you are closest to when trying to access these logs.
In order to deploy a new Edge@Lambda, you must first create a new version. You can't use $LATEST to refer to an Edge@Lambda in the CloudFront console.