What is the usage of AWS Lambda@Edge for performing edge location computations in TypeScript

Question

Pulumi · Accepted Answer

AWS Lambda@Edge is a feature of Amazon CloudFront that lets you run Lambda functions in response to CloudFront events, such as requests for content to or from CloudFront edge locations. By using Lambda@Edge, you can easily run your code across AWS locations globally without provisioning or managing servers, which allows you to deliver content with lower latency to your customers.

The usage of Lambda@Edge typically involves associating a Lambda function with specific CloudFront events:

- **Viewer Request**: The function executes after CloudFront receives a request from a viewer, but before it checks if the requested data is in the cache.
- **Viewer Response**: The function executes before CloudFront forwards the response to the viewer, allowing you to modify the response that is returned to the viewer.
- **Origin Request**: The function executes only when CloudFront sends a request to your origin, which allows you to customize the request that CloudFront sends to the origin.
- **Origin Response**: The function executes after CloudFront receives the response from the origin and before it caches the object in the response.

You can use Lambda@Edge for a variety of use cases like website security and privacy, SEO, personalizing content, and more.

Let's create a simple Pulumi program in TypeScript to demonstrate a Lambda@Edge configuration. The following program sets up a Lambda function that will execute on viewer requests to modify HTTP headers for responses served through a CloudFront distribution.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a new Lambda function to be executed at the edge.
const edgeLambda = new aws.lambda.Function("myEdgeLambda", {
    runtime: aws.lambda.NodeJS12dXRuntime,
    handler: "index.handler",
    role: myLambdaRole.arn, // ARN of an IAM role with permissions for the Lambda function
    code: new pulumi.asset.AssetArchive({
        "index.js": new pulumi.asset.StringAsset('exports.handler = (event, context, callback) => { // your Lambda@Edge code here }'),
    }),
});

// Associate the Lambda function with a CloudFront distribution.
const distribution = new aws.cloudfront.Distribution("myDistribution", {
    origins: [{
        domainName: "mybucket.s3.amazonaws.com", // S3 bucket or another origin
        originId: "myS3Origin",
        s3OriginConfig: {
            originAccessIdentity: "origin-access-identity/cloudfront/ABCDEFG1234567", // Cloudfront origin access identity
        },
    }],
    enabled: true,
    // Other required configuration like defaultCacheBehavior, priceClass, etc.
    defaultRootObject: "index.html",
    // Adding the Lambda@Edge to the CloudFront distribution
    orderedCacheBehaviors: [{
        pathPattern: "*",
        allowedMethods: [
            "GET",
            "HEAD",
            "OPTIONS",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        targetOriginId: "myS3Origin",
        forwardedValues: {
            queryString: false,
            cookies: {
                forward: "none",
            },
        },
        minTtl: 0,
        defaultTtl: 86400,
        maxTtl: 31536000,
        lambdaFunctionAssociations: [{
            eventType: "viewer-request",
            lambdaArn: edgeLambda.qualifiedArn, // The ARN of the qualified Lambda function version
        }],
    }],
    restrictions: {
        geoRestriction: {
            restrictionType: "none",
        },
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});

// Output the CloudFront domain name to access your site
export const cdnUrl = distribution.domainName;
```

In this program, we define a Lambda function `myEdgeLambda`, which contains the code to be executed at the edge location (you would replace the placeholder with your actual code). We then create a CloudFront distribution `myDistribution` with an ordered cache behavior that specifies the Lambda function to be associated for the `viewer-request` event type. The `lambdaFunctionAssociations` property is where the connection between CloudFront and Lambda@Edge is made.

This program expects you to have an IAM role (`myLambdaRole.arn`) and S3 bucket (`mybucket.s3.amazonaws.com`) setup prior to running it, along with the correct origin access identity (`origin-access-identity/cloudfront/ABCDEFG1234567`). The `cdnUrl` exported at the bottom is the URL where you can access the content served through CloudFront with your Lambda@Edge modifications applied.

By running this Pulumi program, you deploy an AWS Lambda function and configure a CloudFront distribution to use Lambda@Edge, allowing you to perform computations at the AWS edge locations automatically.

Remember to replace placeholders (like `myLambdaRole.arn`) with actual resource names or ARNs from your environment before executing the program. Refer to the Pulumi documentation for more information on AWS resources:

- [Pulumi AWS Lambda documentation](https://www.pulumi.com/docs/reference/pkg/aws/lambda/function/)
- [Pulumi AWS CloudFront documentation](https://www.pulumi.com/docs/reference/pkg/aws/cloudfront/distribution/)